Meriton Latest Company to Disclose a Data Breach

Property giant Meriton is the latest company to disclose a significant data breach, warning staff and guests that personal information may have been accessed by cybercriminals.


The developer and construction company, known for its serviced apartments and founded by Harry Triguboff, said it was attacked in January this year. Meriton believes its staff may have had financial, health and employment information breached, while guest contact information may have been exposed.Play Video


The Meriton Group has revealed it was the victim of a serious cyberattack that compromised the data of guests and staff.


In total, Meriton said it contacted about 1900 people to advise them of the breach. It said the exposed information compromised 35.6 gigabytes of data, and that it had alerted the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

In its letter to those affected, Meriton said it had no reason to think the stolen information had been put to use in criminal activity.


“We have no evidence that this cyber incident was directed towards any specific individual, and our investigation has revealed no evidence that your information has been misused,” it said.

“We have been working closely alongside leading cybersecurity and forensic IT professionals and taking all available steps to protect against future risk to data and prevent a recurrence.”


The disclosure comes days after consumer finance provider Latitude Financial confirmed that details of 14 million customers were stolen from its computer systems – much more than it previously believed.


That attack, detected earlier this month, exposed driver’s licences, passport numbers and contact details. In the past year, millions of people have had to identify information stolen through a series of prominent hacks, including of Optus and Medibank.


Sumit Bandal, Asia Pacific vice president at cloud security company Blue Voyant, said recent breaches including Meriton took advantage of the fact that data was not just concentrated in one place, but duplicated and shared with suppliers and other parties.


“Meriton is a reminder for companies to look at their vendors, suppliers, and other third parties. We have been hit with a series of supply breaches over the past few weeks with Latitude Financial and The Good Guys … these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last,” he said.


Alastair MacGibbon of CyberX says that strangely, the Latitude hack may not be as bad as it seems.

“Organisations should only provide employees and third parties with access to the data needed for their role. This helps to control what data can be accessed in the event of a breach. They should also put policies in place to prevent third parties from retaining data after their services are no longer used.”


In the past, supply chain hacks have been used to spread malicious software through networks of clients and end users, as with SolarWinds in 2020, and Kaseya in 2021. But in these latest attacks, as with some affecting Telstra, NAB and others last year, the target appears to be personal information that can be sold or leveraged for fraud.


The Office of the Australian Information Commissioner recently reported that, in the second half of 2022, it was notified of 497 breaches – a 26 per cent increase compared with the previous half.

Of the top 40 breaches that each affected 5000 Australians or more, 33 were the result of cybersecurity incidents.


“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Privacy Commissioner Angelene Falk said this month.

“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”


Meriton has been contacted for comment.


Source: https://www.smh.com.au/technology/financial-health-contact-information-exposed-in-meriton-data-breach-20230329-p5cw58.html

Subscribe to our newsletter!

Testimonials