According to a statement from real estate company Harcourts, a franchisee became aware that its rental property database had been accessed by an unknown third party without authorisation on 24 October.
Editor’s note: This story originally appeared on Cyber Security Connect’s sister brand Real Estate Business.
The ABC has reported that Harcourts Melbourne City was the subject of the attack, with an email circulated to the agency’s customers.
The network has flagged that each Harcourts office operates as an independent franchise with its own separate operating and IT systems.
It was reported that the rental property database in question held personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider Stafflink to provide it with administrative support.
Harcourts stated that in this particular instance, the rental property database was used by a representative of Stafflink and accessed by an unknown third party.
The statement further explained: “We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.”
Weighing in on the news, Harcourts Australia chief executive Adrian Knowles extended an apology to those affected by the breach, stating: “We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result.”