The same threat actor behind the MIFF and ACMI breaches continues to target Australian organisations in a hacking spree.
The personal data of more than 17,300 clients of Australian estate agent MMJ Real Estate has potentially been exposed in a data breach.
A hacker calling themselves 2019 – the same threat actor behind breaches of the Melbourne International Film Festival (MIFF) and the Australian Centre for the Moving Image (ACMI) – published the data in a 1 June post to a popular hacking forum.
The data listed by the hacker includes full names, emails, mobile phone numbers, addresses, details of business interests, and the property price ranges that customers are interested in. Also included are the timestamps of inquiries.
According to threat intelligence platform Daily Dark Web, such a collection of data could be a goldmine for further compromises.
“If authentic, exposure of real estate customer data could create opportunities for targeted phishing, business email compromise, real estate fraud and social engineering attacks,” a Daily Dark Web analyst said in a post to X.
“Property transaction-related information is often valuable to threat actors because it can be leveraged in highly convincing impersonation campaigns.”
MJJ Real Estate is aware of the hacker's claims and is investigating the incident.
"On Wednesday, 3 June 2026, we became aware that certain information associated with our business has been referenced on a dark-web leak site of a cyber criminal organisation," an MMJ spokesperson told Cyber Daily.
"This incident does not affect our business operations, and we continue to serve our clients as normal with full confidence. Based on our investigations to date, the incident has only impacted general enquiry information.
"We are taking this incident very seriously. After becoming aware of the cyber security incident involving our business, we immediately took steps to contain the incident and engaged cyber security advisors to commence an investigation."
MMJ said it is working with the federal government to respond to this malicious activity and that its investigations remain ongoing.
"We are committed to communicating with our clients and stakeholders transparently," MMJ said.
Who is 2019?
The threat actor, 2019, has been active on hacking forums since early 2026 and has listed more than 20 victims across various breach posts.
Australian organisations are their most common target, followed by entities in the United States, France, Italy, and New Zealand.
Who is MMJ Real Estate?
Founded in 1960, MMJ Real Estate has offices in Perth, Wollongong, and Corrimal, offering property services including valuation, strata management, marketing, and town planning.
The company lists 128 employees on its website.
This article originally appeared on REB's sister publication Cyber Daily
Want to see more stories from trusted news sources?Make Real Estate Business a preferred news source on Google.
