Harcourts, a real estate agency in Australia, reported having been hit with a cyberattack that exposed the sensitive data of tenants, landlords, and investors. The incident was spotted last October 24 after the firm detected an unknown third-party entity accessing its rental property database.
Based on investigations, the Harcourts data breach transpired due to a compromise in the firm’s franchisee administrative support called Stafflink. The real estate firm said in a statement that Stafflink’s representative used a personal device for work rather than a company-issued device, resulting in unauthorised access.
Stafflink expressed their regret and said they are working with Harcourts Melbourne City and its IT suppliers to resolve the issue. Though, the service provider clarified that the platform accessed by the unauthorised entity is not owned or operated by them.
On the other hand, the Harcourts real estate firm has established complimentary credit monitoring and access to IDCARE support for individuals affected by the data breach. Researchers said that the number of people affected is still unknown.
A week after digital rights advocates warned that the real estate sector targeted by hackers would be way worse than Optus and Medibank incidents, the Harcourts breach ensued.
Further investigation revealed that even after Harcourts’ IT team had revoked the hackers’ access to the affected Stafflink representative’s account, it is still possible that critical data may still have been exposed to unwanted entities, including tenants’ full names, email addresses, home addresses, contact details, signature copies, and photos for identification.
Meanwhile, Harcourts’ landlords’ and investors’ data have also been compromised, including their full names, email addresses, home addresses, contact details, signature copies, and banking information.
People who have received the warning notification from the real estate firm were asked to be aware of threats of cyberattacks, including phishing and identity theft attempts. Cybercriminals have also been utilising stolen data for various malicious activities. Thus, being vigilant is highly advised.
Experts have also been discussing whether real estate firms are asking tenants for too much information that is more than necessary, such as requesting full bank statements, social media accounts, or birthdates that can reveal confidential details of an individual.
For this reason, security experts stressed the importance of privacy regulators in Australia or any country which could aid in regulating data being requested by organisations and ensuring that companies comply with the law.
