cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Victorian real estate agency suffers cyber attack, SMEs increasingly targeted

Victorian real estate agency PH Property Bendigo said that it has suffered from a data breach, potentially affecting roughly 200 customers.

user icon Daniel Croft
Thu, 30 Mar 2023
Victorian real estate agency suffers cyber attack, SMEs increasingly targeted
expand image

The agency said that four months of data was stolen when threat actors hacked a staff member’s email address and got past security protocols on 15 March.

PH Property had a number of security protocols in place, such as two-factor authentication and randomised passwords, as well as security software and a firewall.

The company said that the stolen data included bank details, names, contact info and ID documentation and that bad actors had begun contacting clients from a staff email address with the first name Kayla.


“You may have already received a fake email from her account requesting to open an attachment — please do not open these attachments,” the company warned in an email it issued to clients yesterday (29 March).

“Our current information shows that they have only emailed clients so far, however, there is a possibility that they have made a local copy of Kayla’s entire email account and will have access to any email that has been sent to or from her.”

Responding to the breach, the agency reported the breach to the Office of the Australian Information Commissioner (OAIC) and has hired security workers to keep its network secure.

PH Property has said that customers and users of its services should review their bank accounts and change passwords to protect themselves.

Managing director of a Victorian security agency Brenton Johnson praised the security measures that PH Property had in place and said he was shocked that threat actors were able to get through.

However, he did say that businesses should avoid wiping affected devices, as they contain necessary information for insurance and investigation purposes.

“It’s generally not recommended to wipe the computer generally. The best option is to remove the hard drive and put in a new one,” said Johnson

“Reason being this erases all evidence and may impact any insurance claim they have.”

As Johnson pointed out, attacks on SMEs are getting increasingly common. While the payout for a threat actor may be lower than targeting large multinational institutions, smaller businesses often have weaker security measures and are more vulnerable.

The National Cybersecurity Alliance found in a 2019 report that 43 per cent of all cyber attacks were on businesses with under 250 employees.

In addition, the FBI’s Internet Crime Complaint Center had 11,000 reports of cyber attacks from SMEs, with losses totalling US$145 million (over $217 million).

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.