Real estate company Harcourts has today confirmed that its Melbourne City franchisee has been the victim of a cyber incident.
In an official release, Harcourts Australia stated that on October 24, the Melbourne City franchisee became aware its rental property database had been accessed by an unknown third party without authorisation.
“Each Harcourts office operates as an independent franchise with its own separate operating and IT systems,” the statement explained.
The rental property database holds personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider, Stafflink, to provide it with administrative support.
“In this particular instance the rental property database was used by a representative of Stafflink and accessed by an unknown third party,” the release stated.
“We understand the unauthorised access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device.
“A comprehensive external investigation led by cyber security experts is underway but it is not yet concluded.”
Harcourts Australia CEO, Adrian Knowles said Harcourts understood people would be deeply upset and concerned about the recent data breach.
“I would like to offer our sincere apologies to everyone who has been inconvenienced as a result,” Mr Knowles said.
“Dealing with this incident is our top priority. We are working together with the franchisee to ensure that all impacted individuals are advised of the incident.
“In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.
“We have acted decisively to implement a comprehensive external investigation as well as a review of our systems and processes firm wide. We have also notified the Privacy Commissioner of this breach.
“This investigation is still underway and if our understanding of the impacts changes in any way we will make this clear,” he said.