Established in 1888 in Wellington, New Zealand, and now based in Queensland, Harcourts is a global real estate company with 400 offices Australia-wide, as well as operations in New Zealand, the US, Canada, Indonesia, Fiji, China, Hong Kong, Mexico and South Africa.
Overnight, the SafePay ransomware gang listed Harcourts on its dark web leak site, threatening to leak allegedly stolen data in two days and 15 hours at the time of writing.
At this stage, the threat actor has not disclosed any details of the incident, nor shared any sample data to verify exfiltration. However, the listing has already had 621 views at the time of writing.
Cyber Daily has reached out to Harcourts for more information and is awaiting a response.
In 2022, Harcourts disclosed a cyber incident impacting its Melbourne city franchisee, which led to the data of tenants, landlords and trades being accessed.
“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result,” Harcourts CEO Adrian Knowles said at the time.
“Dealing with this incident is our top priority. We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.”
Cyber incidents on real estate firms can have major impacts due to the financial nature of the data they hold.
Real estate agencies deal with high-value transactions and need a wealth of personal data for verification and documentation purposes. This includes names, email addresses, home addresses, mobile numbers, details of previous tenants and their rental history, financial information like bank details, and more.
This data can be used by threat actors for cases of fraud, impersonation scams, phishing, and other financially motivated crimes.
Who is SafePay?
SafePay was first observed in October 2024 and has since claimed more than 500 victims.
The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina.
According to the group, it is not a ransomware-as-a-service (RaaS) operation.
“SafePay ransomware has never provided and does not provide the RaaS,” SafePay said on its leak site.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
