Web Analytics Made Easy - Statcounter

Data security an issue for renters

by

‘Data breach waiting to happen’: Warning for real estate agents and renters on personal info requests

Years of work and rental history, bank statements, self-funded background checks, social media profiles and pet resumes are just some details that prospective renters have to provide to secure a property.

Experts have raised concerns about the potential risk of an Optus-style data breach waiting to happen in the real estate industry as it amasses more and more sensitive information on rental applicants.

 

Real estate agents keep as much privacy data as Optus – Should you be concerned?

Last week’s Optus data breach shocked the nation, but real estate industry collects just as much if not more of your privacy data.

When you’re desperate for your next rental unit or your dream home, you are also unlikely to have a level playing field in saying no even questioning how much detail you should give up.

Samanthan Floreani from Digital Rights Watch warns it is well worth your effort to stop and think again before providing everything willy-nilly.

Read more: ABC News, October 4, 2022

A real estate agent data breach would be devastating for renters. They collect too much personal information

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country…

Many small real estate agents aren’t covered by the Privacy Act, and those that are appear to be seriously massaging the law around data collection and handling that is “reasonably necessary”.

Each state also has its own tenancy law, which may place some limitations on what agents are allowed to collect. For example, in Victoria, real estate agents are not allowed to require any information that relates to a protected attribute without telling you why in writing. This includes age, gender, race, disability, sexual orientation, profession, religious belief and marital or parental status. They’re also not allowed to ask for bank statements that contain daily transactions.

And yet, real estate agents continue to regularly ask for this information.

The trouble is, it’s not just about what is legal – it’s also a question of power. As long as agents have the ability to make you homeless, renters will do what they ask, and regulations mean very little if they are poorly enforced.

Read more: The Guardian, October 4 , 2022

Rental applicants across the country pressured to pay for their own background checks

When Louise Camona was told her rent would be rising by $120 a week, she knew she, her husband and their four kids were going to have to find somewhere else to live.

“Paying that amount is going to break us in the end,” she said.

When Ms Camona found a property she liked, the online application form urged her to pay for her own background check to help her application “stand out from the pack”.

Ms Camona could choose not to pay, but she would have to tick a box that says “no thanks, I don’t want to verify my identity” and her “star rating” as an applicant would be capped at four out of five stars.

The 2Apply form, designed by tech company Inspect Real Estate, was also asking for extensive private information including the name, gender and age of their children, and the make, model and registration of their car.

Read more: ABC News via MSN, November 3, 2022

Real estate firm breached, signatures and IDs stolen

Privacy advocates are calling for an overhaul of the way renters’ personal information is stored after real estate firm Harcourts Melbourne City revealed that a recent cyber-attack may have compromised identity documents and other details of its clients and their tenants…

Harcourts has blamed the breach on the compromise of an account of an employee of real estate service provider StaffLink, which provides property and task management software to help real estate agents run more efficiently.

Based on the company’s description of events, an employee account was compromised after an employee used a personal device for work purposes, rather than using their more secure company-issued device – allowing a cyber criminal access to Harcourts personal data.

Read more: Information Age, November 3, 2022

Advocates had warned of the dangers of a real estate data breach. It just happened.

Australian real estate agency Harcourts has revealed it was affected by a cyber-attack last month, with the personal information of tenants, landlords, and tradespeople potentially exposed.

In an email sent to customers of the Melbourne City franchisee of Harcourts, the company said it became aware on 24 October that an “unknown third party” had accessed its rental property database.

Harcourts said on Thursday that the breach occurred when the account of a representative at service provider Stafflink, which gives the franchisee administrative support, was allegedly compromised and accessed by that unknown third party.

Read more: SBS News, 3 November, 2022

Real estate agency LJ Hooker hit with data breach

The real estate industry has suffered a second data breach in two months, as LJ Hooker confirmed one of its offices had been hit...

The breach was first reported by Vice, which said a ransomware gang claimed to have taken employee and customer data including passport scans, credit card details, and loans data...

Security experts and tenant advocates have been warning of the risk of data breaches in the real estate industry, which also collects information as wide-ranging as rental history, passport details, payslips, bank statements, credit scores, and driver’s licence and vehicle registration details.

Read more: The Sydney Morning Herald, 8 December, 2022 (paywall)

‘The wild west”: New headache for home-hunters in a tough market

Renter Nick Duncan spent three weeks looking for a rental with his partner in Sydney, and he was struck by how much information he needed to hand over in the hopes of securing a lease.

“The market is so hot … We felt like if we wanted to get a place we had to abide by all the rules and provide everything that was asked,” Duncan said…

UNSW Institute for Cyber Security director Nigel Phair said renters were ultimately powerless, which was unusual compared to other circumstances where consumers could choose to opt out.

“The renter has no power in the relationship,” Phair said. “When we have data privacy laws they should have a degree of power. They should be able to opt out.”

Phair thought the third-party rental databases were ripe for data harvesting.

“There is no rule governing, outside of the notifiable breach scheme, that a real estate agent should only collect XYZ.

“It’s a really unregulated market. It’s the wild west. It’s terrible. It’s stressful.”

Beyond verifying 100 points of identity, it was unnecessary for the industry to be asking for any more information, Phair said.

Read more: The Sydney Morning Herald, 15 December, 2022 (paywall)

Pin It on Pinterest