realestatebusiness logo
Home of the REB Top 100 Agents
|||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| |||||||||||||||||| ||||||||||||||||||

Harcourts addresses cyber hack

By Grace Ormsby
04 November 2022 | 11 minute read
cyber attack hacker reb wu07tu

The network has confirmed a Melbourne City franchisee has been the victim of a cyber incident.

According to a statement from Harcourts, the franchisee became aware that its rental property database had been accessed by an unknown third party without authorisation on 24 October.

The ABC has reported that Harcourts Melbourne City was the subject of the attack, with an email circulated to the agency’s customers.

The network has flagged that each Harcourts office operates as an independent franchise with its own separate operating and IT systems.

It was reported that the rental property database in question held personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider, Stafflink, to provide it with administrative support. 

Harcourts stated that in this particular instance, the rental property database was used by a representative of Stafflink and accessed by an unknown third party.

The statement further explained: “We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.”

Weighing in on the news, Harcourts Australia chief executive Adrian Knowles extended an apology to those affected by the breach, stating: “We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result.” 

He iterated that dealing with this incident is the “top priority” of the network, with a comprehensive external investigation currently being undertaken by cyber security experts, but not yet concluded.

“We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals,” he said.

Mr Knowles said the group had “acted decisively to implement a comprehensive external investigation as well as a review of [its] systems and processes firm-wide”.

“We have also notified the privacy commissioner of this breach.

“This investigation is still underway, and if our understanding of the impacts changes in any way, we will make this clear,” he concluded.

The latest cyber incident coincides with a warning from the University of NSW that a large-scale cyber security breach could be “devastating” for real estate.

data breach in the rental sector is a growing concern for renters, who regularly hand over large amounts of personal information when applying for rental housing. Transparency over how this information is used, shared and secured is often unclear.

According to a statement from the institution, “data breach in the rental sector is a growing concern for renters, who regularly hand over large amounts of personal information when applying for rental housing. Transparency over how this information is used, shared and secured is often unclear.”

Senior research fellow from the UNSW City Futures Research Centre, Dr Chris Martin, believes the ability of real estate agents and landlords to collect vast amounts of sensitive information “is a significant concern”.

He argued that now is the time for data collection to be regulated in the sector due to the fact that the sector is “collecting a lot more personal information, with arguably not a whole lot of purpose behind it”.

“It’s a big risk if all of that information falls into the wrong hands,” he said.

With multiple identification documents, bank statements, utility bills, employment details and rental history all deemed “standard asks”, he noted that these are “more than enough to falsify an identity.”

And with social media accounts, pet profiles, and self-funded background checks becoming more commonplace, Dr Martin said that “the sorts of questions being asked in tenancy applications are getting more intense”.

“Applicants might not want to hand over that level of information because of privacy concerns, but they’re in a position where they have little choice,” he said.


Grace Ormsby

Grace Ormsby

Grace is a journalist across Momentum property and investment brands. Grace joined Momentum Media in 2018, bringing with her a Bachelor of Laws and a Bachelor of Communication (Journalism) from the University of Newcastle. She’s passionate about delivering easy to digest information and content relevant to her key audiences and stakeholders.

You need to be a member to post comments. Become a member for free today!

Do you have an industry update?