Australasian real estate company Harcourt confirmed that the systems of its Melbourne city office suffered a data breach. The company detected unauthorized access to its systems on October 24, however, it was allegedly breached on October 14. Customers’ names, addresses, signatures, photo identification, and bank details are said to be exposed due to the incident.
The company maintained that it alerted its customers via email while adding that it was obligated to keep the impacted individuals aware of the cyber incident under the Privacy act 1988. The objectives of this act which came into force on March 12, 2014, include promoting the protection of the privacy of individuals, transparent handling of personal information, and providing a means to complain about privacy breaches. The email read that Harcourts rental property database was accessed by an unknown third party.
What Harcourts found?
After investigations, Harcourts alleged that the data breach originated in Stafflink which is its software service provider. The company maintained that hackers gained access to its systems by compromising a Stafflink employee’s account. Moreover, the employee was not using the company-issued device as they were supposed to. Instead, were using their own device for work which made hacking into the systems easier as the company’s devices are enabled with advanced security packages.
The email further read that the investigations are still ongoing and customer data must have been exposed to hackers for a short span of time until it was secured. The number of individuals impacted by the data breach is not yet known. Meanwhile, Stafflink denied allegations by Harcourts about the data breach originating on its systems, according to a report posted on ABC News.
Increasing risk of cyberattacks on real estate and where Australia stands in terms of cybersecurity
The Harcourts data breach comes after a spate of cyberattacks on Australian companies like Optus which impacted over 9 million users and Medibank which resulted in exposing 4 million customers’ information. According to research, the cost to the global economy due to cybercrimes is nearly $2.9 million per minute. The report stated that because real estate companies collect a lot of personal information from people enquiring about buying property, it makes it easier for cybercriminals to target them.
Gaining access to such information including bank details makes impersonating someone leading to identity theft easier. This also points towards the assumption that cloud-based applications are foolproof. Companies including the real estate sector must upgrade their systems and raise awareness about data theft to prevent it. The failure to detect and address data breaches does not just impact the systems but also the company’s reputation in the absence of preparedness in handling online incidents.