Current News

2574.full

Data Breach

Raine & Horne Dubbo

 

Notification of data breach

 

[19-October-2020]

 

A recent security incident suffered by Raine & Horne Dubbo may have resulted in unauthorised access to some personal information of some individuals. We are issuing this notice to inform and protect our tenants, landlords and suppliers.

 

This notice only affects you if you have sent or received an email containing personal information to Raine & Horne Dubbo’s property management email address ([email protected]) in the past few years. The security incident did not affect any other email address.

 

What happened?

 

On 16 September 2020, Raine & Horne Dubbo became aware of some unusual activity on its [email protected] email account. Subsequent investigations show that an employee inadvertently installed malware on one of our computer systems, and that malware obtained unauthorised access to the email account (the “compromised mailbox”).

We have implemented several technical and practical measures to improve the security of our email accounts and ensure that this kind of incident cannot reoccur.

We have reported this incident to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, and we will continue to liaise with those authorities regarding this incident.

The compromised mailbox contained personal information of Raine & Horne Dubbo’s landlords, tenants and suppliers in emails and attachments. We do not know whether the malware accessed or uploaded any of the personal information contained in the compromised mailbox. However, as that is a possibility, we are issuing this public notice.

What personal information was affected?

To the best of our knowledge, the personal information contained in the compromised mailbox included:

  • names, email addresses and other contact details of landlords, tenants and suppliers;
  • bank account numbers of landlords, tenants and suppliers; and
  • scanned images of identity documents for a minority of tenants – driver’s licences, passports and credit cards (front of card only). We note that most tenants submit their identity documents through a different address, [email protected], which was not affected by this incident.

What should I do?

If you are a tenant who submitted a scanned image of your driver’s licence or passport details to [email protected]:

It is possible that an unauthorised person could use your identity documents for the purposes of identity fraud. This means that they could use that information to impersonate you to obtain a benefit or service. We recommend that you:

 

  • review your financial and other services accounts for suspicious activity, and notify your bank as soon as possible if you notice any such activity;

 

  • if you find you are not receiving mail, you should check with Australia Post that your mail has not been redirected, and secure your letterbox;

 

  • if you notice that your mobile phone loses coverage for an extended period of time, you should check with your telecommunications provider that no-one has attempted to port you phone to another provider; and

 

  • if you receive goods or services that you did not order, or notifications about goods or services that you did not order, notify the relevant seller or service provider as soon as possible.

 

If you are a tenant who submitted a scanned image of your credit card to [email protected]:

It is possible that an unauthorised person could misuse your credit card details to make purchases of goods or services. We recommend that you review your credit card statement carefully, and notify your bank as soon as possible if you notice any suspicious transactions.

 

If you sent or received any document containing your bank account details to or from [email protected]:

Bank account details do not pose an immediate risk by themselves – an unauthorised person cannot steal funds just because they know these details. However, a fraudster may contact you in an attempt to trick you into providing more personal information or access credentials. This is called “social engineering”. To protect yourself against social engineering:

 

  • be wary of anyone contacting you who requests personal information or access credentials from you, even if they quote your bank account number or appear to know other details about you;

 

  • do not respond to email or SMS messages asking for personal information; and

 

  • be careful of unsolicited telephone calls which purport to be from a business or government authority.

 

General advice

Please be vigilant of malicious or fraudulent emails which appear to be from Raine & Horne Dubbo. In particular:

  • always check that an email is genuine before clicking on any email attachment;
  • before replying to an email that appears to be from us, check that the reply is addressed to a “@com.au” email address; and
  • if you receive a message from Raine & Horne Dubbo telling you that we have changed our bank account details, please contact us at (to confirm before making any payment.

Additional information on these types of fraud and how to avoid them are available at https://www.staysmartonline.gov.au. Additional guidance about protecting your identity can be found at https://www.oaic.gov.au/individuals/data-breach-guidance/what-to-do-after-a-data-breach-notification#other-resources.

Raine & Horne Dubbo takes the security of your personal information very seriously. We apologise for this unauthorised access to your personal information and sincerely regret any inconvenience this may cause you. If you would like to discuss the situation with us further or if you have any questions about any aspect of this letter, please do not hesitate to contact us at [email protected] or (02) 6882 1755

 

 

Ken Mongan

Managing Director

Raine & Horne Dubbo

< Back