This article is from the Australian Property Journal archive
THE amount of information collected by real estate agencies is under the spotlight, after Harcourts’ Melbourne City office revealed a data breach may have exposed the personal information of tenants, landlords and trades to hackers – just days after experts called on the government to review privacy laws because real estate agents hold on to excessive amounts of information and are particularly vulnerable to cyber attack.
The breach follows major hacking events that have affected millions of customers at Optus and Medibank.
According to an email from the Harcourts franchisee to customers, it became aware on 24th October that its rental property database was accessed by an unknown third party 10 days earlier. Tenants may have had their names, addresses, email addresses, phone numbers, signatures and photo identification viewed, while landlords and trades may have had their bank details, names, addresses, email addresses, phone numbers and signatures compromised.
It remains unknown how many people have been affected.
“We became aware that our rental property database had been accessed by an unknown third party without our authorisation,” the Harcourts email said.
“This platform holds certain personal information of all our landlords, tenants, trades and is used by our service.”
Harcourts said the account of an employee of service provider Stafflink’s was compromised and accessed by a third party. Stafflink provides administrative support to the company. Harcourts offices operate independently, with their own operating and IT systems.
“We are still investigating the incident but understand it has occurred through the employee using their own device for work purposes rather than the usual (and more secure) company-issued device,” the email said.
“Importantly, our networks, accounts and your personal information are now all secure and our services are able to continue as normal.”
Dr Chris Martin, senior research fellow from the UNSW City Futures Research Centre, this week said governments need to review tenancy laws to protect tenants, and that the information agents ask for and receive from tenants is “excessive”.
“They’re collecting a lot more personal information, with arguably not a whole lot of purpose behind it,” he said. “It’s a big risk if all of that information falls into the wrong hands.”
Identify theft is a legitimate fear with the amount of personal information that is vulnerable if a hack occurs.
Only the Victorian Residential Tenancies Act has restrictions on landlords and agents asking tenants about particular details, while NSW Customer Service Minister Victor Dominello backed better protection of tenants’ information after groups such as Digital Rights Watch and renters raised concerns about a data breach before the Harcourts event.
Digital Rights Watch executive director James Clark said in a statement, “Renters in particular are asked to provide everything from passports to employment histories when applying for a house and this pool of data was clearly a ripe target for hackers”.
“This breach is another example of why we need comprehensive privacy reform to stop companies from collecting and storing more information than they really need.
“We also need a regulator that is well resourced and empowered to ensure companies are complying with privacy law.”
