Real estate firm Harcourts has apologised and launched an external investigation after exposing customers information in a data breach. The company on Thursday issued a public statement confirming last month’s breach.
The company said it became aware of the breach more than two weeks ago on October 24, when one of its franchisees discovered its rental property data base had been accessed by “an unknown third-party”.
The database contains personal information of tenants, landlords and tradespeople, including names, addresses bank details, signatures and, for renters, photo identification copies.
Harcourts said one of the franchisee’s service providers, Stafflink, had access to the data base to provide administrative support.
“We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device,” a company statement said.
The breach was reported this week and follows high-profile attacks on Optus and Medibank, and just comes just weeks after warnings from experts that real estate companies are attractive targets.
On Thursday, Harcourts Australia chief executive Adrian Knowles apologised.
“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result,” he said in the statement.
Harcourts has not yet identified and contacted all individuals impacted in the breach. The company said it will provide complimentary credit monitoring and access to the IDCARE support service for impacted individuals.
“We have acted decisively to implement a comprehensive external investigation as well as a review of our systems and processes firm-wide. We have also notified the Privacy Commissioner of this breach,” Mr Knowles said.
“This investigation is still underway and if our understanding of the impacts changes in any way we will make this clear.”
The federal government moved to increase penalties and improve information sharing with banks in response to the Optus incident which affected 10 million people.
New South Wales customer service minister Victor Dominello has also flagged changes to better protect renters’ data in the state as part of a wider “rethink” on information sharing.
Do you know more? Contact James Riley via Email.
*Harcourts