Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.

Leading Aussie real estate firm suffers cyber attack

According to a statement from real estate company Harcourts, a franchisee became aware that its rental property database had been accessed by an unknown third party without authorisation on 24 October.

user iconGrace Ormsby
Fri, 04 Nov 2022
Leading Aussie real estate firm suffers cyber attack
expand image

Editor’s note: This story originally appeared on Cyber Security Connect’s sister brand Real Estate Business

The ABC has reported that Harcourts Melbourne City was the subject of the attack, with an email circulated to the agency’s customers.

The network has flagged that each Harcourts office operates as an independent franchise with its own separate operating and IT systems.

It was reported that the rental property database in question held personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider Stafflink to provide it with administrative support. 

Harcourts stated that in this particular instance, the rental property database was used by a representative of Stafflink and accessed by an unknown third party.

The statement further explained: “We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.”

Weighing in on the news, Harcourts Australia chief executive Adrian Knowles extended an apology to those affected by the breach, stating: “We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result.” 

He iterated that dealing with this incident is the “top priority” of the network, with a comprehensive external investigation currently being undertaken by cyber security experts, but not yet concluded.

“We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals,” he said.

Knowles said the group had “acted decisively to implement a comprehensive external investigation as well as a review of [its] systems and processes firm-wide”.

“We have also notified the privacy commissioner of this breach.

“This investigation is still underway, and if our understanding of the impacts changes in any way, we will make this clear,” he concluded.

The latest cyber incident coincides with a warning from the University of NSW that a large-scale cyber security breach could be “devastating” for real estate.

data breach in the rental sector is a growing concern for renters, who regularly hand over large amounts of personal information when applying for rental housing. Transparency over how this information is used, shared and secured is often unclear.

According to a statement from the institution, “data breach in the rental sector is a growing concern for renters, who regularly hand over large amounts of personal information when applying for rental housing. Transparency over how this information is used, shared and secured is often unclear”.

Senior research fellow from the UNSW City Futures Research Centre, Dr Chris Martin, believes the ability of real estate agents and landlords to collect vast amounts of sensitive information “is a significant concern”.

He argued that now is the time for data collection to be regulated in the sector due to the fact that the sector is “collecting a lot more personal information, with arguably not a whole lot of purpose behind it”.

“It’s a big risk if all of that information falls into the wrong hands,” he said.

With multiple identification documents, bank statements, utility bills, employment details and rental history all deemed “standard asks”, he noted that these are “more than enough to falsify an identity”.

And with social media accounts, pet profiles, and self-funded background checks becoming more commonplace, Dr Martin said that “the sorts of questions being asked in tenancy applications are getting more intense”.

“Applicants might not want to hand over that level of information because of privacy concerns, but they’re in a position where they have little choice,” he said.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.