Exclusive: Harcourts investigates cyber attack claims, no evidence of impact so far

“We are aware that an external party has made a claim about our company online,” said a Harcourts spokesperson.

“As soon as we became aware of this claim, we took immediate steps to engage specialist cyber security experts to commence an urgent investigation. We have also introduced containment measures to reduce risk and strengthen the security of our environment while we continue our investigation.”

The firm added that while it is in the early stages of its investigation, it has yet to note any evidence of impact.

“We are liaising with our network offices and will continue to update our staff, clients and key partners if we identify any relevant and accurate evidence of impact to personal information.

“We also have ongoing monitoring in place, with the support of our cyber security experts.”

Harcourts also reiterated that the allegedly stolen data would not be accessible through clear web means; however, this does not rule out access by criminals who already use those tools and are within the cyber crime ecosystem.

VIEW ALL

“We will update the relevant authorities as appropriate, in line with our obligations.”

At this stage, the threat actor has not disclosed any details of the incident nor shared any sample data to verify exfiltration. However, the listing has already had 2,142 views at the time of writing.

Who is SafePay?

SafePay was first observed in October 2024 and has since claimed more than 500 victims.

The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados and Argentina.

According to the group, it is not a ransomware-as-a-service (RaaS) operation.

“SafePay ransomware has never provided and does not provide the RaaS,” SafePay said on its leak site.