Up to 100,000 customer details compromised in Australia home loan breach

Some of Australia’s biggest banking institutions are making efforts to notify around 100,000 account holders who may have had their private details compromised in a data breach to hit the property valuation company, LandMark White, the Sydney Herald reports.

Disclosed on Friday of last week by LandMark White, the breach could have exposed a range of victims’ personal details, including names, residential addresses, property agents’ identification, first and las names, phone numbers and property valuations.

LandMark White has since been suspended from valuation panels at the Commonwealth Bank of Australia (CBA) and ANZ Bank, while National Australia Bank is still said to be processing the effect the breach is having on customers. Australia’s biggest lender, CBA is also reaching out to over 20,000 customers, according to an inside source.

“As part of the data incident, customer information relating to property valuations was found hidden on the internet,” the bank, Australia’s biggest lender, said in a statement.

“The customer information that was disclosed relates directly to the valuations completed by LandMark White and includes customer name; contact details such as phone or email address; and details about the valued property.”

According to a statement released by CBA, no account information was exposed in the breach, and an apology was made to the bank’s customer base.

“We take the protection of data and security incidents very seriously. The safety and security of our customers’ information is of paramount importance to us, which is why we have immediately suspended using LandMark White while we investigate how this occurred,” the statement said.

LandMark White is one of the largest valuation firms in the country, whose services are used by banks and lenders nationwide. The organisation has now set up a website for customers while maintaining that no evidence of data misuse exists. Even so, the situation remains under “close review”.

LandMark White chief executive, Chris Coonan said:

“We are working closely with experts in IT and cybersecurity as well as our corporate partners, to achieve the best possible outcome for our clients LandMark White acted immediately, employing independent experts in data breaches and cyber security to assist with the investigation into the incident.”

“Although LandMark White’s investigation is ongoing, we have taken immediate steps to prevent any further disclosure of data. Currently there is no evidence of misuse of any information. We will share new information as soon as possible.”

ANZ chief data officer, Emma Gray has highlighted the bank’s efforts to work out the extent of any damage caused.

“We will contact them directly to outline potential impacts and how we will support them. At this stage we understand a very small percentage of our customers who had valuations undertaken between November 2015 and December 2018 are potentially impacted.”

“ANZ takes its privacy obligations very seriously and we are extremely disappointed this incident has occurred,” she added.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.