Cyber Security Incident Notice

Overview

On 5 March 2026, RE/MAX detected unauthorised access to certain internal systems by a third party that identifies themselves as "Team Cyber Strike". The breach was detected shortly after it occurred, and our technology teams acted swiftly to contain the situation. Systems have since been restored, and full operations have resumed.

We can confirm that we rejected a blackmail attempt by refusing to negotiate with criminals. This stance reflects the longstanding corporate values of RE/MAX and its commitment to acting with integrity, even under pressure.

Cyber threats are becoming increasingly sophisticated and widespread across all industries, and organisations of every size are being targeted. As such, this incident should not be viewed as a reflection of our cyber resilience. RE/MAX remains committed to continuously improving its defences and enhancing its security posture.

What Happened

Internal technical assessments indicate that the attackers used a bruteforce method followed by SQL injection to access database information and disrupt operations by deleting certain tables.

Upon discovery, we immediately:

• Engaged external forensic specialists and legal counsel
• Conducted forensic analysis of AWS activity logs and affected systems
• Initiated device-level forensic imaging for developers and IT personnel with access to S3 credentials
• Stabilized systems and restored affected databases and artefacts from backups
• Reviewed and strengthened access controls
• Rotated passwords and keys
• Notified all relevant regulatory authorities in accordance with legislative requirements

What Information Was Affected

Preliminary forensic findings indicate that certain documents stored within the affected environment may have been accessed. This includes certain types of personal information pertaining to some (but not all) clients and RE/MAX affiliates, including:

• Unique identifiers such as: Identifying number, e-mail address, physical address, telephone number, age, etc.
• Transactional related data (such as, documents, OTPs, commission, etc.)

A detailed data impact assessment is under way to confirm the exact categories of personal information involved. This page will be updated as soon as new information becomes available.

Our Response and Enhanced Security Measures

RE/MAX has taken immediate measures to contain the incident, which include:

• Engaging external forensic specialists and legal counsel
• Conducting forensic analysis of AWS activity logs and affected systems
• Initiating device-level forensic imaging for developers and IT personnel with access to S3 credentials
• Stabilising systems and restoring affected databases and artefacts from backups
• Reviewing and strengthening access controls
• Initiating a data-impact assessment to identify categories of personal information affected, which is ongoing
• Rotating passwords and keys

We are committed to learning from this incident and continuously improving our security practices to protect your information.

What You Can Do to Protect Yourself

Based on current findings, the possible consequences might include identity theft, fraud, loss of reputation and loss of confidentiality of personal data protected by professional secrecy.

As precautionary measures, we recommend that you are vigilant to any suspicious communications or unusual activities.

We encourage you to safeguard your personal information by following these global best practice security measures:

Contact Information and Support

We remain committed to protecting the personal information in our care.

If more information is needed or you have questions, please contact us at:

We sincerely apologize for any concern or inconvenience this incident may cause. The trust you place in us is paramount, and we are committed to maintaining the highest standards of security and privacy to protect your information.

We will continue to provide updates on this page as our investigation progresses and additional information becomes available.