The company said a comprehensive external investigation led by cybersecurity experts is under way.

Each Harcourts office operates as an independent franchise with its own separate operating and IT systems.

Security experts foretold the risks of data breaches in the real estate industry.

Security experts foretold the risks of data breaches in the real estate industry.Credit:Craig Sillitoe

Harcourts Australia chief executive Adrian Knowles said dealing with the incident was the company’s top priority.

“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result,” Knowles said.

“We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.”


Digital Rights Watch program lead Samantha Floreani said a review into the Privacy Act was urgently needed to better protect people’s data.

“This is yet another example of why we need comprehensive privacy reform, because as long as companies are collecting too much of our personal information and holding on to it for long periods of time, the risk of harm is going to continue to occur,” Floreani said.

Real Estate Institute of Australia president Hayden Groves said the peak body had been “very concerned” after the news of the Optus and Medibank data breaches.

Agencies across the country collect $78 billion in rent each year, collecting personal data from tenants and companies.

“Obviously, the Harcourts data breach is a concern. It’s really a wake-up call for real estate agencies,” Groves said.

Groves said it came down to proper training for those working in the industry on keeping data collected from sales and leases safe and secure.

“Data breaches mainly occur when individuals open an email that they shouldn’t have,” he said.

“And really, if we’re being sloppy with the collection of data it can really put our business at risk.”

Groves said agencies were taking data security very seriously: “We’re not seeing agents be cavalier with the collection of data, but they do need to ensure employees are property trained with things like email portals.”