Raine & Horne Dubbo
Notification of data breach
A recent security incident suffered by Raine & Horne Dubbo may have resulted in unauthorised access to some personal information of some individuals. We are issuing this notice to inform and protect our tenants, landlords and suppliers.
This notice only affects you if you have sent or received an email containing personal information to Raine & Horne Dubbo’s property management email address ([email protected]) in the past few years. The security incident did not affect any other email address.
On 16 September 2020, Raine & Horne Dubbo became aware of some unusual activity on its [email protected] email account. Subsequent investigations show that an employee inadvertently installed malware on one of our computer systems, and that malware obtained unauthorised access to the email account (the “compromised mailbox”).
We have implemented several technical and practical measures to improve the security of our email accounts and ensure that this kind of incident cannot reoccur.
We have reported this incident to the Office of the Australian Information Commissioner and the Australian Cyber Security Centre, and we will continue to liaise with those authorities regarding this incident.
The compromised mailbox contained personal information of Raine & Horne Dubbo’s landlords, tenants and suppliers in emails and attachments. We do not know whether the malware accessed or uploaded any of the personal information contained in the compromised mailbox. However, as that is a possibility, we are issuing this public notice.
What personal information was affected?
To the best of our knowledge, the personal information contained in the compromised mailbox included:
What should I do?
If you are a tenant who submitted a scanned image of your driver’s licence or passport details to [email protected]:
It is possible that an unauthorised person could use your identity documents for the purposes of identity fraud. This means that they could use that information to impersonate you to obtain a benefit or service. We recommend that you:
If you are a tenant who submitted a scanned image of your credit card to [email protected]:
It is possible that an unauthorised person could misuse your credit card details to make purchases of goods or services. We recommend that you review your credit card statement carefully, and notify your bank as soon as possible if you notice any suspicious transactions.
If you sent or received any document containing your bank account details to or from [email protected]:
Bank account details do not pose an immediate risk by themselves – an unauthorised person cannot steal funds just because they know these details. However, a fraudster may contact you in an attempt to trick you into providing more personal information or access credentials. This is called “social engineering”. To protect yourself against social engineering:
Please be vigilant of malicious or fraudulent emails which appear to be from Raine & Horne Dubbo. In particular:
Additional information on these types of fraud and how to avoid them are available at https://www.staysmartonline.gov.au. Additional guidance about protecting your identity can be found at https://www.oaic.gov.au/individuals/data-breach-guidance/what-to-do-after-a-data-breach-notification#other-resources.
Raine & Horne Dubbo takes the security of your personal information very seriously. We apologise for this unauthorised access to your personal information and sincerely regret any inconvenience this may cause you. If you would like to discuss the situation with us further or if you have any questions about any aspect of this letter, please do not hesitate to contact us at [email protected] or (02) 6882 1755.
Raine & Horne Dubbo