We’re still in the second week of the year and we’ve already heard about new data breaches. This time, the breach affected Australia’s First National Real Estate group. Gareth Llewellyn, a security researcher at Brass Horn Comms, first noticed the breach. He then took to Twitter to inform First National of his findings. Read on for the full story.
Australia’s First National Real Estate group Hacked!
First National Real Estate Group Hack – Full Story
On January 4th, Gareth took to Twitter with news of a data breach affecting Australia’s First National Real Estate Group. He showed how the CVs of job applicants have been “inadvertently published”, and how this could seriously affect the applicants.
The published CVs contain full names, addresses, phone numbers, dates of birth, and other identifying information.
Apparently, at least 12 of First National’s offices may have been involved in the breach, with around 2000 individuals affected. The screenshots that Gareth provided show that First National’s offices in Burleigh Heads and Palm Beach in Queensland were part of the breach.
Llewellyn posits that the issue isn’t really from First National itself but from a third-party vendor. First National’s own response to the breach seems to point in the same direction, putting the blame on Sales Inventory Profile, a recruitment agency, instead,
“As this breach is not within First National’s responsibility, we, like all networks with the real estate industry are dependent upon the Sales and Inventory Profile organization complying with the necessary security arrangements”
First National also stated that it’s working with the Office of the Australian Information Commissioner to get to the bottom of this situation.
First National Real Estate Group Hack – Final Thoughts
Whether the breach is the fault of First National or not, it is something that requires urgent attention. Job applicants shouldn’t one day wake up and find all of their information online. Hopefully, the OAIC will be able to get to the bottom of this breach soon.
However, the First National Real Estate group hack does show one vital thing. We are at a time where databases and data management should fall under a strict and user-centric law. The law should also be updated to match the new disruptive innovations. That, I believe, is the first step in regaining control over our safety and our privacy.
Let me know what you think about this breach in the comments below!