Real estate agency Harcourts sends email saying names, addresses compromised in cyber attack
A leading Australian real estate agency has suffered a cyber attack, with tenant’s names, addresses, phone numbers and photo identification potentially exposed.
The Melbourne City branch of Harcourts Real Estate sent an internal email to its customers confirming a third party had accessed its rental property database last month.
The agency reassured tenants the networks were now all secure and services were continuing as normal.
Harcourts’ Melbourne City and Victoria Corporate Office were both contacted for comment.
It is not known how many people were impacted by the breach.
The breach is one of many that have rocked Australian companies in recent weeks.
In the email, seen by NCA NewsWire, Harcourts explained they became aware on October 24 that an “unknown third party” had accessed their rental property database without permission.
The company explained the platform was used by their service provider Stafflink to provide them with administrative support.
“The account of one of Stafflink’s employees was compromised and accessed by an unknown third party,” the email read.
“As a result, your information may have been visible to the third party for a short window of time.
“We are still investigating the incident but understand it has occurred through the employee using their own device for work purposes rather than the usual (and more secure) company-issued device.
“As such, we believe this was a one-off incident.”
The email explained the full legal names, email addresses, addresses, phone numbers and signatures of tenants was potentially visible.
The bank details of rental providers, landlords and trades may also have been visible.
“We are confident that no other personal information was affected,” the email read.
Harcourts explained they had suspended the compromised account and had added new layers of protection to its outgoing EFP payments, data and security settings.
Strict access controls and password policies were also put in place.
The company urged recipients to be aware of any suspicious activity in their online accounts and beware of potential phishing scams.
In September, hackers made off with the information of 10 million current and former customers of telco giant Optus, before dumping the information of 10,0000 customers and bizarrely apologising for the theft.
Health care giant Medibank said criminals had allegedly stolen up to 200GB of data in late October.