Herron Todd White (HTW), an Australian valuation firm, finds itself in troubled waters as it grapples with the aftermath of an alleged data breach, resulting in a suspension from new work by the country’s leading banks. The alleged HTW data breach, impacting its commercial and agricultural property valuation platforms, has triggered concerns regarding cybersecurity protocols and the protection of sensitive information.
The HTW data breach was first detected by the company last Friday, prompting an immediate response from the company’s monitoring and cybersecurity processes.
While HTW remains tight-lipped about the specifics of the breach, including its nature and the method of infiltration, a spokesperson stated to Australian Financial Review (AFR), “Our monitoring and cybersecurity processes acted to provide early detection, and we have commenced an investigation to establish the extent of the impact and to ensure we have effectively responded to the incident.”
Prominent Banks are Investigating the Extent of HTW Data Breach
In light of this HTW data breach, major banks, which heavily rely on valuation firms like HTW for property-related assessments, have taken precautionary measures. Westpac has suspended new work with HTW as they collaborate to assess the situation’s implications on customers.
Similarly, National Australia Bank and Commonwealth Bank have suspended HTW from new commercial and agricultural valuation work, albeit continuing with residential valuations unaffected by the breach.
The nature of the HTW data breach, whether a malicious attack or a security lapse within HTW’s infrastructure, remains uncertain. The Cyber Express Team has reached out to them to know more about the alleged breach, however, as of writing this news report, no response was received.
HTW Data Breach Reported to Australian Cyber Security Centre
The firm claimed to take responsibility for reporting details regarding the breach to the Australian Cyber Security Centre, the Australian government’s lead agency for cyber security matters.
The Australian government requires all organizations to report cyber security incidents with ‘significant impact’ to the the Australian Cyber Security Centre (ACSC) within 12 hours of it occurring. Australia has moved to adopting various laws aimed at bolstering cyber defences after facing an increased number of cyber attacks and some high-profile security incidents.
The Australian Signals Directorate (ASD) announced in its annual November 2023 cyber threat report that it responded to over 1,100 cybersecurity incidents from Australian entities. Nearly 94,000 reports were made to law enforcement in 2023, representing a 23% increase from 2022.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
