Australian Cyber Incident, 04 November 2022

Real estate company Harcourts says its Melbourne City franchise has been breached

The rental property database had been accessed by an unknown third party without authorisation

Company Statement: Harcourts Cyber Incident
Source: Real estate firm Harcourts latest to suffer data breach | iTWire

View more incidents from Victoria and the Real Estate and Property Management sector.

Real estate company Harcourts says its Melbourne City franchise has been breached in what it describes as a “cyber incident”, with the route for entry being a device used by the franchisee’s service provider Stafflink.

On October 24 the franchisee became aware that its rental property database had been accessed by an unknown third party without authorisation. Each Harcourts office operates as an independent franchise with its own separate operating and IT systems.

The rental property database holds personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider, Stafflink, to provide it with administrative support. In this particular instance the rental property database was used by a representative of Stafflink and accessed by an unknown third party. We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.

Commenting, Harcourts Australia CEO, Adrian Knowles, said: “Dealing with this incident is our top priority. We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.”