One of Australia's largest property developers, Meriton, has recently fallen victim to a data breach, with cybercriminals potentially stealing sensitive personal information.
Meriton is best known for its luxury hotels and apartments, but also leases and sells commercial properties.
It was founded by property developer Harry Triguboff, who according to the Australian Financial Review is Australia's sixth-richest man and is estimated to be worth $21.2 billion.
In a statement, Meriton confirmed to the ABC that it was the victim of a "cybersecurity incident" which compromised 35.6 gigabytes of data, and which it attributed to an "unidentified third party".
Meriton revealed that it had fallen victim to a cyberattack, in which sensitive employee information, including bank details, tax file numbers, salary information, and performance reviews, may have been stolen by hackers. The company is working closely with cybersecurity experts and law enforcement agencies to investigate the breach and mitigate any potential harm to the affected individuals.
The Meriton cyberattack highlights the vulnerability of the building industry to cyber threats. As the industry increasingly relies on digital technologies, it becomes more susceptible to attacks from malicious actors seeking to exploit security weaknesses.
As building automation and management systems become increasingly prevalent in the property industry, the sector is becoming more reliant on digital technologies. This reliance exposes building technologies to the risk of cyberattacks, which can have significant financial, operational, and reputational repercussions for property developers, managers, and owners.
The increasing use of SCADA (Supervisory Control and Data Acquisition) systems, IP networking, and cloud-based platforms in the building and property industry has led to greater interconnectivity between building management systems (BMS) and corporate networks. While these technologies have improved efficiency and collaboration, they have also made BMS more susceptible to cyberattacks.
BMS control various functions, such as heating, ventilation, and air conditioning (HVAC), lighting, and security, which in the past were run as a parallel close network, moreover the advent of cloud monitoring systems has increased vulnerability points in the crossover between BMS and corporate network services.
Recent innovations in building services such as the Internet of Things, which encompass smart thermostats, lighting systems, and surveillance cameras, are increasingly integrated into modern building designs. A large portion of these technologies intersect from SCADA to IP networks and with the increase reliance of cloud-based platforms for data storage, project management, to increase collaboration
The Need for Comprehensive Cybersecurity Measures to improve risk management processes and conduct regular assessments of their cyber risk exposure, including identifying vulnerabilities in their building technologies and implementing appropriate risk mitigation strategies.
Property companies must invest in cybersecurity training for employees to recognize and respond to potential cyber threats, promoting a culture of security awareness and invest in the adoption of a multi-layered approach to cybersecurity, implementing a combination of technical, administrative, and physical controls to protect their digital assets and building technologies
As the property sector becomes increasingly digitised and interconnected, supply chain cybersecurity risks will continue to grow. Property companies must proactively address these threats by implementing robust security measures, collaborating with supply chain partners, and complying with industry standards and regulations.
Cyber Attacks in the Building and Property Industry is a worldwide phenomenon
Meriton joins a long list of firms that have been attacked by hackers over the past year. The hotel and property developer has also taken “appropriate” measures to notify those affected, sending letters to both guests and staff members.
“We have been working closely alongside leading cybersecurity and forensic IT professionals and taking all available steps to protect against future risk to data and prevent recurrence.” told the ABC in a statement
A major data breach at property valuation firm, LandMark White. revealed in February 2019, resulting in the exposure of more than 100,000 personal and financial records. The breach occurred due to an unsecured API, allowing unauthorised access to the sensitive information. In the aftermath of the incident, several major banks suspended their dealings with the company, leading to substantial financial losses.
In early 2020 French media reported that the Bouygues Group’s construction subsidiary had been hit by a massive ransomware attack. The entire computer network has been affected, and all of the company’s servers shut down. A ransom of 10 million Euros has been requested, and at least 200GB of data has already been stolen.
Minister Claire O'Neil and the National Office for Cyber Security
Last month Prime Minister Albanese announced the creation of a new National Coordinator for Cyber Security, supported by a National Office for Cyber Security.
Minister for Cyber Security Senator O’Neill, presented in March 22, 2023 at the Australian Information Security Association’s (AISA) Australian Cyber Conference 2023, reaffirming the government's commitment to fight Cybercrime in 20023, with a series of coordinated initiatives
The Minister is considering a range of measures “The Cyber Security Strategy include creating a legislative framework to shift cyber security risks away from our most vulnerable members of the community towards those who are best placed to manage it, including software and cyber security service providers, telecommunications firms and technology developers,” the Cyber Security Minister told the audience.
“Helping the government to develop the new Cyber Security Strategy is an Expert Advisory Board led by former Telstra CEO Andy Penn, and including one of Australia's foremost cybersecurity and telco experts, Rachael Falk, and former Chief of Air Force Mel Hupfeld.” Said, Senator O’Neill
With multiple building technologies at risk, regulators must play an active role in promoting best practices and ensuring that companies adopt robust cybersecurity measures to protect their sensitive data and assets.
The recent attacks in Australia are the most recent evidence that the building Industry and financial services sectors are part of a broader cyber security phenomenon impacting the economy. These incidents illustrate that companies operating in this space must prioritise cybersecurity strategy and collaboration with regulators.
