.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Harcourts
Nov 10, 2022 3:54:15 PM
The Target: Harcourts’s Melbourne branch, a real estate company.
The Take: Exposure of Personally Identifiable Information including: names, email addresses, home addresses, phone number, copy of signatures, photo identification, and some bank details.
The Vector: An employee’s credentials were compromised at one of Harcourt’s third-party providers, Stafflink. The breach occurred because the employee was using one of their own unsecured devices for work rather than a company issue device. The compromised credentials account allowed the attacker full access to the above personal information.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, why enforcing security rules and strategies is only effective if employees are using compliant devices where these rules exist. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
