You have 0 free articles left this month.
Register for a free account to access unlimited free content.
search

Data leak countdown: Harcourts allegedly hacked by ransomware gang

By Daniel croft

19 June 2026 • 4 minute read

harcourts office reception reb ukglwt

Major Australia-based real estate firm Harcourts has allegedly suffered a cyber incident after threat actors listed the company on their dark web leak site.

Established in 1888 in Wellington, New Zealand, and now based in Queensland, Harcourts is a global real estate company with 400 offices Australia-wide, as well as operations in New Zealand, the US, Canada, Indonesia, Fiji, China, Hong Kong, Mexico and South Africa.

You’re out of free articles for this month

Overnight, the SafePay ransomware gang listed Harcourts on its dark web leak site, threatening to leak allegedly stolen data in two days and 15 hours at the time of writing.

 
 

At this stage, the threat actor has not disclosed any details of the incident, nor shared any sample data to verify exfiltration. However, the listing has already had 621 views at the time of writing.

"We are aware that an external party has made a claim about our company online," the spokesperson said.

"As soon as we became aware of this claim, we took immediate steps to engage specialist cyber security experts to commence an urgent investigation. We have also introduced containment measures to reduce risk and strengthen the security of our environment while we continue our investigation."

"At this stage of our investigation, we do not have evidence of impact to our systems, but our investigation is in its early stages."

"We are liaising with our network offices and will continue to update our staff, clients and key partners if we identify any relevant and accurate evidence of impact to personal information."

"We also have ongoing monitoring in place, with the support of our cyber security experts."

"It is important to note that these claims made by the external party are not accessible via standard internet searches and require specialist software and tools to locate."

"We will update the relevant authorities as appropriate, in line with our obligations."

In 2022, Harcourts disclosed a cyber incident impacting its Melbourne city franchisee, which led to the data of tenants, landlords and trades being accessed.

“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result,” Harcourts CEO Adrian Knowles said at the time.

“Dealing with this incident is our top priority. We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.”

Cyber incidents on real estate firms can have major impacts due to the financial nature of the data they hold.

Real estate agencies deal with high-value transactions and need a wealth of personal data for verification and documentation purposes. This includes names, email addresses, home addresses, mobile numbers, details of previous tenants and their rental history, financial information like bank details, and more.

This data can be used by threat actors for cases of fraud, impersonation scams, phishing, and other financially motivated crimes.

Who is SafePay?

SafePay was first observed in October 2024 and has since claimed more than 500 victims.

The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina.

According to the group, it is not a ransomware-as-a-service (RaaS) operation.

“SafePay ransomware has never provided and does not provide the RaaS,” SafePay said on its leak site.

This story was first published in REB’s sister publication, Cyber Daily.

Real Estate BusinessWant to see more stories from trusted news sources?
Make Real Estate Business a preferred news source on Google.
Tags: