
Incident: Hotel and property giant Meriton hit by data hack, personal documents may be at risk | ABC News (Australia)

Australian Property Group Cyber Incident, 29 March 2023
Australian hotel and property giant Meriton hit by data hack, personal documents may be at risk
Cybercriminals may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings
View more incidents from the Real Estate and Property Management sector.

One of Australia’s biggest property giants has been hit by cybercriminals who may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings.
Guests and staff members employed by Meriton were affected by the data breach when hackers struck the luxury developer on January 14 this year.
The incident compelled the company to warn approximately 1,889 people to take steps to protect themselves.
Meriton staff members were the most intimately stung by the hack, with the company warning them that cybercriminals may have accessed details of their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals.
The company also said staff health information may have been accessed.
In a statement, Meriton confirmed to the ABC that it was the victim of a “cybersecurity incident” which compromised 35.6 gigabytes of data, and which it attributed to an “unidentified third party”.
Meriton said it had taken all the “appropriate” steps including notifying guests and workers affected, as well as informing the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC).
In letters sent to both guests and staff members, Meriton urged those affected to keep an eye on their banking statements and warned them to be wary of scams.
Meriton also promised guests and staff it was implementing enhanced cybersecurity measures to protect the company’s IT networks.