Property Cybercrime Rising: What You Need to Know

A Conversation With Rob Tennant and Rob Love

In recent years, cybercrime has surged across nearly every industry, with real estate emerging as a prime target for hackers.

Interim Chief Information Security Officer Rob Tennant, and Rob Love, a principal in advisory services product management, share their expert insights on the growing risks and explain why cybersecurity has become such a hot button issue in the property industry. They explore the rise of real estate wire fraud, discuss the vulnerabilities of agents and brokers in handling sensitive data, and offer tips on preventing cyberattacks from derailing transactions.

In This Episode:

Up Next

How Could Gig Work and Automation Lead to More Mortgage Fraud?

Rob Tennant:

I think we all have to take, again, personal accountability for this is what I can do to make sure that I can secure this transaction or this communication, or whatever it is. And for some, it’s going to be very little, right? If you’re a smaller broker or you’re a real estate agent that has two or three customers, it’s not going to be on the same scale as a larger brokerage house or someone like CoreLogic or any of the other kind of players in that space. But I think we all need to recognize that there’s more we could be doing and then implement those measures.

Maiclaire Bolton Smith:

Welcome back to Core Conversations: A CoreLogic Podcast where we tour the property market to investigate how economics, climate change, governmental policy, and technology affect everyday life. I am your host Maiclaire Bolton Smith, and I’m just as curious as you are about everything that happens in our industry. Although it’s not unique to the property industry, it’s of particular concern for so many in this world. There have been several high profile data breaches in the news recently, which has brought national attention to cyber crime, and it doesn’t look like these breaches will end anytime soon. Whether it’s hacking emails for small scale fraud, large scale money laundering, or social engineering to slip into real estate transactions, cybercrime takes many forms. It’s also something that’s difficult to detect, which is why the losses associated with this type of crime are growing. So to talk about the risk of cybercrime and why it’s growing and what can be done, we have CoreLogic’s interim Chief Information Security Officer Rob Tennant, and Rob Love, a principal in advisory services product management. So Rob and Rob, welcome to Core Conversations.

RT:

Thank you.

Rob Love:

Thank you.

Erika Stanley:

Before we get too far into this episode, I wanted to remind our listeners that we want to help you keep pace with the property market. To make it easy, we curate the latest insight and analysis for you on our social media where you can find us using the handle at CoreLogic on Facebook and LinkedIn, or at CoreLogic Inc. On X, formerly known as Twitter and Instagram. But now let’s get back to May, Claire, Rob, tenet, and Rob Love.

MBS:

So, okay, let’s just start by setting the stage and talking exactly what is cybercrime and why the property industry is such an appealing target. So Rob, Tennant, CISO, Rob, why don’t we start with you?

RT:

Yeah, no, great. And thanks again for having me. This is great. I’m really looking forward to it. So cybercrime cybersecurity issues that we’ve seen in the industry, really 2023, late 23, early 24 watershed years when it comes to our industry and cybersecurity issues and things like that. So the cyber crime that we’ve been seeing has been, social engineering has been playing a large role in it. Ransomware or the threat of ransomware has been a huge kind of driver in things that we’ve seen very little in terms of some of the other things that might come up in people’s minds in terms of cybercrime and things like that. DDoS-ing really isn’t a thing anymore, at least we haven’t seen a lot of that, but I think our security tools have kind of adapted to those types of things. So we haven’t seen a lot of that, but really that social engineering piece is huge because it’s patching the person. It’s all these individuals that are susceptible to certain things that these threat actors know it all too well, and they are experts at it. So at any rate, so that’s been the biggest thing that we’ve seen.

MBS:

Yeah, it’s interesting because you think back 10, 15 years even, you didn’t really hear much about this. You heard about the odd data breach, but now it seems like every other day it’s in the news that this is happening somewhere. I guess when we think of impacts specifically across our industry, what kind of impacts are we seeing?

RT:

Well, the impact that we’ve been seeing has been everything from a slowdown in operations to a complete shutdown of an entire enterprise. And we’ve seen a lot in terms of these intermediaries or partners that CoreLogics connected with or that are within the real estate industry that are providing a certain service that wind up having a cyber crime, and then that one little piece goes away, but then it impacts the entire ecosystem. So we’ve seen huge, relatively impactful issues from relatively small players, but it impacting the whole industry.

MBS:

Yeah, I guess too, I mean, when anybody thinks of the real estate industry, it’s filled with important data, personal data. So what are the consequences of personal identifiable data getting out?

RT:

Well, gosh, I mean, every single state has their own cybersecurity or breach legislation that winds up being potentially enacted. If something happens that if a resident of that state’s data is, if there’s unauthorized access, then that state can wind up having, or there’s requirements within that state that you have to adhere to. So there’s that. There’s GLBA, there’s all sorts of things that we kind of track and that we know about, but we’re seeing more and more regulations around privacy and data and keeping it protected and things like that.

MBS:

I’m going to get you to define GLBA from my cybersecurity training. I’m going to say it’s the Graham Leach Bribery Act,

RT:

Graham Leach Bliley,

MBS:

Something like that.

RT:

Very close. Very close. You get a gold star for the effort for sure. Yeah. But that, that’s been around, gosh, GLBA has been around 20 years, I want to say. And it really kind of set the foundation for what confidential data is. So name, address, social security number, data elements like that that we use in the cybersecurity space to make sure, hey, these are kind of table stakes types of data elements that we need to protect.

MBS:

Sure, yeah, no, super interesting. When I think of some of the breaches that really make big news, a lot of times we’re hearing that they are hackers coming from China and Russia. Is that, should everybody just be concerned with international hackers in particular, those two countries, or are they everywhere?

RT:

Well, I’ll give you my perspective, and it’s less perspective and more kind of factual that the U.S. actually has got, if you look at a list of countries with the number of cyber criminal activity, the U.S. is right up there. So I would guard against, oh, well, Russia doesn’t know about me or whatever. So it’s all over Brazil and they’re South America and Asia and Europe, it’s pretty much all over. China and Russia do get a lot of attention, but rightfully so, a lot of state sponsored activity, and I, I won’t soapbox that one too much, but yeah, I would think it’s not just those countries. This criminal enterprise is all over the place that are using social engineering and other cyber types of crimes because they’ve seen the effectiveness of it.

MBS:

And I think you’re saying too, that just how the U.S. ranks so high, that right there is an important statistic,

RL:

And I think if you’re on the dark web, it doesn’t matter where you are, you can buy information, you can get those details, you can start compiling those profiles of people and you can fraud them. Certainly. I know there’s a lot of activity over there, but there’s certainly no shortage of it here, so be vigilant wherever you are.

MBS:

And these are very intelligent individuals with technology at their fingertips. Absolutely. Oh yeah.

RT:

Well, I mean, just the thing that we saw with kind of the escalation of some of these social engineering attacks, these are, I mean, in a lot of cases, the group that we saw that was doing this, they were younger types of people that were executing the ones that hit MGM and Caesars last year, and they know how to socially engineer people. So it’s low tech, but it’s highly effective. I mean, it’s almost that psychology that they are able to tap into to get someone to motivate, to get them to provide

MBS:

Whatever

RT:

It is that they’re looking

MBS:

For. Yeah, exactly. That doesn’t surprise me at all. Okay, Rob, love real estate. Rob, I’m going to call you. Let’s focus specifically on real estate. When we look at both the residential and the commercial real estate sectors, is there any kind of unique things that we’re seeing in cybercrime for the two of them, or differences even? Yeah,

RL:

Well, I mean I think that the reality is agents have so much access. Agents and brokers have so much access to sensitive personal financial information, and it’s found in a ton of places for them as well. It’s in their email, their transaction document management system form. So as kind of an independent contractor, they’re highly susceptible to this and also has physical formats as well, depending on the agent’s workflow. So the impact is going to largely depend on what exactly the information is that was breached. It’s going to matter what state they’re in, it’s going to matter which state or even country the person who was breached was in. And given that sort of patchwork of laws that apply there, I think it’s really, really, really important because it can have severe consequences to an agent’s reputation. And this is what I think is really important here is you can recover financially to a degree, but in terms of reputational damage, that is a much more difficult thing to actually recover from. And so there’s significant individual concern for an agent because of those reasons. And agents almost as much as any other present profession really have access to a lot of sensitive data

Because their clients are involved in a highly, highly sensitive financial transaction.

MBS:

Yeah, it’s interesting too because I’ve looked back at the transactions we’ve done in purchasing homes and refinancing homes too with both our real estate agent and our mortgage broker on the amount of information they need from you. And sometimes too, I feel like initially it was like, oh, just email us this. And personally, my husband’s in the cybersecurity field as well, so I’m like, I’m sorry, I can’t do that. Do you have some sort of secure upload or something that I can do, just I know that it is so highly sensitive. So I guess, can you just talk a little bit about how data security is important for individual real estate agents, even though they may be contractors, which means that there potentially could be limitations on what companies can and cannot ’em to do?

RL:

Yeah, I mean, I think that one of the most important things when we talk about this from an agent perspective at least, is really around document retention. Because the rules for this are going to vary by state, and so it needs to be balanced with that and kind of the real estate regulations as well.

But oftentimes, many agents will leave things like in their email for years and years and years and never think to go back and remove those. And the challenge is the more of that sensitive data you have within even an email account or a document management system that you don’t necessarily need to retain anymore, the more you’re increasing your own kind of personal liability in this case. Because if a breach happens, then there’s just so much more information that could be compromised. And again, this comes back to something that I think is increasingly happening in this industry, which is seller impersonation.

MBS:

Can you talk a little bit more about that?

RL:

Well, seller impersonation, this is really about real estate wire fraud. This is where hackers basically can impersonate an agent, maybe a title office and essentially have money wired to a bogus account. Actually, according to an October, 2023 survey, about 54% of real estate professionals reported having experienced at least one seller impersonation fraud attempt within the past six months.

MBS:

Wow, that’s huge.

RL:

Yes, it’s a big problem in the industry, and it’s annually costs somewhere in the neighborhood of half a billion dollars in losses.

MBS:

Wow, wow. Again, I go back to, I’ve talked a lot on the podcast on us purchasing this specific house, and I remember it was a very different than five-ish years earlier when we purchased our first house, when, I don’t remember hearing all about fraud when we bought our first house, but with this house, I remember getting the invoice from the title company on, you have to pay the deposit, but it’s like, please phone us at this phone number to get a six digit code to repeat to us to when you pay your fee. And it was all about cyber crime, and it was all about making sure that there wasn’t any seller spoofing or trying to hack in to take the deposit for this home. And I thought that was really interesting because that to me was showing how the industry had evolved within a very short period of time.

RL:

Yeah, absolutely.

MBS:

Yeah. Okay. I mentioned a little bit about mortgage as well too, and I think mortgage and insurance, there’s got to be huge vulnerabilities in those sectors as well, too.

RT:

Well, I think just leading off what Rob was talking about,

The other thing with these transactions that we’re talking about that lead into cyber crime or make them rife for this type of thing to happen is the speed at which a lot of these transactions need to happen. So if you’ve got a closing that happens within two weeks or 30 days, or you’re getting down to the wire and then you’re anticipating getting that email or getting that notification like, Hey, we need you to do X, Y, or Z, or Hey, don’t forget to submit this form or whatever, then as long as that message is crafted in such a way that it’s like, oh, I need to jump on this right away, then you might not say, oh, is this my broker? Is this my agent? Is this coming from the right person? Is this really the link that I need to be clicking on? So I think there, there’s a lot of emotion tied up in purchasing a home, and rightfully so. It’s also where those threat actors insert themselves knowing that, Hey, they’re coming up to a closing date and let’s see if we can inject ourselves in there. So I think that’s the other piece within the real estate industry that is a challenging aspect to it. But that was just something else I was thinking

MBS:

About. It’s interesting because I flip back to the drama that ensued when we bought this house that I’ve talked about on the podcast before too, and a number of things happened, but one thing was the sellers were actually overseas in the property that we bought, and all of the documents for closing had to be notarized at the embassy for them sending them to us. And then when the documents were sent to us, they got lost in the mail. I guess they got to customs and they sent them back to the country when they entered the us I’m not sure why, but they got lost and the selling agent had faxed copies or digital copies of them, sent them to the title office, and they’re like, oh, well, here’s a copy of them. We just use these. And they said, no, we need the official signed paper documents to be able to proceed. And at the time, being very emotional about the situation, that was very frustrating to me. I just wanted to move into my house. But looking back on it, especially hearing what the two of you were saying, that’s why it’s so important to have these official documents because especially with a transaction happening overseas too, I can think that that would just be an added layer of potential vulnerability.

RT:

Yeah, that’s a layer of complexity that hopefully not a lot of people have to deal with. But yeah, it’s stuff like that that just adds to all of this.

MBS:

So yeah, if something crazy’s going to happen, it’s going to happen to me.

ES:

It’s that time again, grab a cup of coffee or your favorite beverage, we’re going to do the numbers in the housing market. Here’s what you need to know with the Fed recently cutting interest rates, mortgage refinance activity is expected to pick up. Add to that a growing optimism that there might be multiple rate cuts by the end of 2024, which could drop mortgage interest rates even further in. Many homeowners may want to refinance for lower mortgage payments. So just how many homeowners may look to refinance. CoreLogic looked at 15.7 million first lien mortgages and found that seven 7% of these loans originated in 2023 and 2024. Average loan sizes for the 2023 and 2024 origination cohorts are $361,000 and $371,000 respectively. Many of these will be among the first in line to apply for refinancing. Should interest rates drop at or below 6% even as refinancing potential increases. Homeowners have seen their equity increase by a total of $1.3 trillion since the second quarter of 2023. This is a gain of 8% year over year, bringing the total net homeowner equity to over 17.6 trillion in the second quarter of 2024. And that’s the sip. See you next time.

MBS:

Okay. How do these breaches happen? I guess people always think of malware and you click on a link or spoofing emails are a big thing right now. Phishing emails, spear phishing, these are all terminology that everyone is so familiar with now, or is it just good old fashioned hacking? How are these breaches happening?

RT:

Well, I guess the way that I’ve seen it happen, so these threat actors, they do their research. I think first and foremost, they go out and they do spend some time figuring out who these people are that they might be targeting and saying, oh, they’re a real estate agent, or they’re a broker, or this is what they do. They could have found information on the dark web in terms of email addresses or credentials that have been compromised that they can then use and then turn back against the person that owns those. So there’s a lot of scent. They do a lot of research. They dig back into the data that they have access to on the dark web and other places even on LinkedIn. That’s a place that threat actors use a lot to understand who’s doing what and then

MBS:

Interesting.

RT:

And then yeah, they would piece that together and then potentially send and a phishing email or a SM a text-based phishing email and send it over that way and try to get credentials or try to have that person open an attachment or click on a link, and then that might give that threat actor access to that account. And then from there, they can take over that account and then they’ve got access to all the emails that have been sent and received and insert themselves into these transactions with a seller or with a broker or with an agent. And it really gets haywire after that. So

MBS:

Yeah, I mean it really does go to show that people often complain about having to have secure passwords and remembering their secure passwords and updating their secure passwords, but that’s why it’s so important just because it’s so to get in, if you have an easy password,

RT:

Or even if you have, you could have a very complex password, but if you have core security hygiene where it’s like you’ve got it written on a post-it note or it’s somewhere out there where people can get to it, it doesn’t matter that it’s an 80 character password. You’ve got to have all these pieces put together.

RL:

Everything. I would even add to that in real estate, you’re not going to share your banking password with anyone, but I find in real estate, especially things like an MLS password are a little bit, they’re a little bit more, I guess, less cautious with those historically. And so it’s really important from the agent perspective and even from the MLS perspective for things like two MFA and other protocols to be in place to prevent that kind of password sharing because it might be done in good faith and good nature, but the reality is when you send an email with a password or you have a note with a password, you’re just increasing the chance that somebody else can get their hands on it who is not necessarily someone who’s going to be helpful,

MBS:

A bad actor, they are up there. I want to talk a little bit more about wire fraud. I mentioned it. This is when we were wiring money for the deposit on this home. That’s when I got the “Please call us and get this six digit code.” What are things to look out for to prevent wire fraud in particular when you’re doing real estate transactions?

RL:

Yeah, I’ve got a really good list here, and I’ll be honest, I didn’t make this myself. Matt Cohen internally here. He’s a great resource for this kind of stuff. I knew of a few of these on this list, but he’s made an awesome list. So I’ll talk about some of these. And some of these on their own aren’t necessarily full red flags. They might be yellow or orange flags, but when you kind of put a few of them together, it creates a little bit of a pattern that makes everything a lot more kind of suspicious and you should be more vigilant around. So I’ll start at the top here. So firstly, is the property owner occupied or vacant? Again, on its own, that piece of information might not be too big of a deal, but taken with some of these others, can the sellers provide valid id?

Does it match the ownership record? Does the email address or phone number come from another country? Again, that’s not a red flag. That’s just an orange flag paired with some other information if the seller’s appearance doesn’t match the owner profile. So making sure you do a little bit of research if there’s an age mismatch it, it’s very easy to see. All communications are electronic. Again, a bit of an orange flag as well. If the price is below market value recently dropped significantly, if the seller is overly agreeable to making concessions, if they’re evasive, if they refuse to address concerns or maybe the seller happens to know a local notary, that’s a little bit of a flag. The deed has been altered in any way. Maybe the seller refuses to provide a title document. They promise agents further opportunities, maybe a bonus or something like that, something to really put a carrot in front of the agent to kind of motivate them to move fast.

There’s no mortgage, and if there’s no mortgage, again, not a red flag in itself at all, but it’s easier for the seller to forge the real estate signature, sign the property over to themselves, and then offer it for sale when there’s no mortgage involved. And then the seller obviously tries to rush the pace and if the seller’s unable to actually attend the closing in person. So that’s a pretty good list of some of the flags, which again, one of these, some of them, if there’s a problem with the ID or something like that, that’s a big red flag. Some of these might just be orange flags, but taken with other context and information, again, it makes a situation where you want to be extra vigilant.

MBS:

Sure. Yeah, no, and understandably. Wow. Okay. I guess bigger picture too is we’re looking to wrap up a little bit is what about systemic risk? How do you plan for the bigger picture?

RT:

Yeah. Well, I mean I think it goes back to an awareness of what it is that we’re dealing with. I think it starts there and then we need to figure out how we can improve our own security posture. I think understanding what that looks like and then implementing those measures, and it doesn’t need to be huge. I mean, again, depending on where you fit in the organization, I think there’s some things that we can implement pretty quickly. And then from there, it’s culturally making sure that if it’s however big the organization is, that you’ve established the culture within that environment to say, no, we are taking a stand on from a security perspective. We’re going to strengthen our security posture by doing X, Y, and Z and making sure that that is communicated from the top to the bottom and that’s your all aligned to that. The saying culture will eat strategy for breakfast or something to that effect. You have to establish that early and then the systemic risk that could come from that. I mean, you start minimizing all that. So I think that’s part of the goal.

MBS:

Yeah, I think that’s a really good point is that I love that quote as well too. That culture is a big part of this and building a culture of smart security, which we at CoreLogic are all about. But I think I live in a home that’s a culture of smart security because I know of the potential bad things that can happen, but it really does start with that.

ES:

Before we end this episode, let’s take a break and talk about what’s happening in the world of natural disasters. CoreLogic Hazard HQ command central reports on natural catastrophes in extreme weather events across the world. A link to their coverage is in the show notes. The end of August and early September brought a number of storms in Asia. Typhoon Shanshan blew over southern Japan in late August, although the storm had a similar track in intensity to previous typhoons that caused significant damage. Typhoon Shanshan had limited financial insured impact. Typhoon Yagi soaked the Philippines before heading to China in the US hurricane Francine made landfall in Louisiana after the Atlantic Ocean experienced a long quiet period. It was the sixth name storm of the 2024 season CoreLogic estimated Hurricane Francine insured wind in storm surge losses to be up to 1.5 billion.

MBS:

I often like to end these episodes with if you had a crystal ball. So do we think that there will ever be an end to cyber risk, cybersecurity risk? Is it a solvable risk or is it something that’s just going to continue to evolve? Is there ways to mitigate against it or is it just going to spiral out of control as the future continues?

RT:

Well, let’s hope that it doesn’t result in spiraling out of control that I want to guard against. And I think it is a manageable risk, but I think again, we have to, it takes effort. I think we need to be thoughtful in what the capabilities are of the threat actors. It’s very much an arms race where they have the capability of doing a lot of things. And I think we don’t need to understand all the details of what they’re doing because it gets very deep very quickly. But I think just recognizing what the capabilities are from a very elementary level, that’s where a lot of these different players in the industry can start and then don’t be, I guess, I don’t know if this is crystal balley or not, but also think about maybe there’s, people get overwhelmed with thinking about security and I can’t implement that. It’s too difficult. There’s things you can do from like we talked about two-factor authentication or multi-factor authentication of getting even something not as simple, but getting a UB key, a hardware device that you plug into your machine that provides that simple way to validate you are who you think you are, and then you can move on through your day, but maybe not get so wrapped up in the details of information security.

So I’ve kind of strayed from the crystal ball aspect, but I think again, it’s continuing that education and being thoughtful for what is out there and then recognizing it and then stepping forward into a more secure posture.

RL:

Yeah, that’s great. And just to add to that, I think that when it comes to looking to the future, we can only assume that these types of attacks are going to get more sophisticated as we move forward. So I think

MBS:

Definitely, yeah.

RL:

One of the things that’s really important for anyone in the industry to be aware of is what kind of breaches happen and how they happen. So we talked about awareness, and Rob mentioned as well, it’s like if you see in the news about a story of a breach or something happens, dig into that and help yourself understand why it happened, how it happened. It’s kind of like a vaccine. That information is going to help you be a little bit more vigilant moving forward. And we also need to recognize that there’s no such thing as secure. You can take reasonable efforts to be secure, but take your house, for example, I leave the house and I lock the front door. Is my house secure? But if someone really wanted to get in my house, is it actually secure? No, not really. Somebody could open a window, they could pick the lock, they could kick the door in. My house is not actually secure, but I’ve taken reasonable measures to make it as secure as it can be. And so I think that when people are kind of digesting all this, just know that you don’t have to eat the whole elephant, right? You can take a little bite at a time and you’ll be in a much better spot than you were at.

MBS:

Yeah, I think that’s a great place to end. And personally myself with a background in natural hazards, I often say in this podcast too, when we’re talking a lot about whether it be some sort of being prepared for a natural hazard, it’s the same with this is the number one thing you can do to be prepared is believe it will happen, is something that I always say. And I think with cybersecurity, that’s such an important part of this as well too, is believe that this actually could happen to you because then you will honestly take the steps to help protect yourself beyond just locking your door. Yeah,

RT:

Yeah. No, I love that.

MBS:

That’s

RT:

Great. That’s awesome.

MBS:

Alright, Rob squared, this has been great. Thanks so much to both of you for joining today on Core Conversations at CoreLogic podcast. It’s awesome.

RL:

Thanks so much for having us.

MBS:

All right. And thank you for listening. I hope you’ve enjoyed our latest episode. Please remember to leave us a review and let us know your thoughts and subscribe wherever you get your podcast to be notified when new episodes are released. And thanks to the team for helping bring this podcast to life producer Jessi Devenyns, editor and sound engineer Romie Aromin, our facts guru, Erika Stanley and social media duo, Sarah Buck and Makaila Brooks. Tune in next time for another Core Conversation.

ES:

Are you still there? Well, thanks for sticking around. Are you curious to know a little bit more about who our guests were today? Rob Tennet is the current acting Chief Information Security Officer at CoreLogic. He is responsible for establishing the strategic direction of the cybersecurity program and fostering a security aware culture through focusing on cybersecurity awareness and education, vulnerability management, cyber risk management, crisis and incident management in vendor management. For the last 30 years, Rob has been dedicated to helping companies and leaders make cyber risk informed decisions and is a strong advocate for cybersecurity awareness. Rob holds a certified information system, security professional certification, and has been an active speaker at CoreLogic conferences and other cybersecurity related events.

Rob Love is an experienced technology leader in a digital adoption specialist. With over 20 years of experience in PropTech in helping real estate organizations leverage diverse technology to improve results in his current role, Rob leads adoption efforts within CoreLogic’s Real Estate Solutions Group, working with clients representing over 1.2 million real estate professionals to increase usage of CoreLogic’s powerful tech ecosystem.

©2024 CoreLogic, Inc. All rights reserved. The CoreLogic content and information in this blog post may not be reproduced or used in any form without express written permission. While all of the content and information in this blog post is believed to be accurate, the content and information is provided “as is” with no guarantee, representation, or warranty, express or implied, of any kind including but not limited to as to the merchantability, non-infringement of intellectual property rights, completeness, accuracy, applicability, or fitness, in connection with the content or information or the products referenced and assumes no responsibility or liability whatsoever for the content or information or the products referenced or any reliance thereon. CoreLogic® and the CoreLogic logo are the trademarks of CoreLogic, Inc. or its affiliates or subsidiaries.  Other trade names or trademarks referenced are the property of their respective owners.