This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

First National Real Estate

Summary

First National Real Estate, one of Australia's largest real estate franchise networks, exposed job applicant data online in January 2019 when CVs, cover letters, and employment applications were left publicly accessible. The breach compromised personal information and employment histories of people seeking positions within the real estate industry, highlighting the often-overlooked security of recruitment data.

What Happened

Misconfiguration. First National Real Estate's recruitment system was improperly configured, leaving job applications and supporting documents publicly accessible on the internet. The exposed data included CVs containing comprehensive employment histories, educational qualifications, personal references, cover letters, contact details, and potentially sensitive information such as referee contact details and reasons for leaving previous positions. Job applications often contain information people would not want broadly disclosed, such as current employment details, salary expectations, or explanations for employment gaps. The data was discovered by security researchers who alerted First National to the exposure.

Impact on Individuals

  • Employment Privacy: Current employment details and job-seeking activities exposed
  • Personal Information: Full contact details, addresses, phone numbers, and email addresses compromised
  • Career Histories: Comprehensive employment records and educational backgrounds revealed
  • References Exposed: Contact details for professional and personal references compromised
  • Salary Expectations: Potentially sensitive salary information and negotiation positions disclosed
  • Identity Theft Risk: CVs contain comprehensive personal and professional information valuable for fraud

The exposure of job application materials was particularly concerning because it could affect applicants' current employment if employers discovered they were job-seeking.

Response

First National Real Estate immediately secured the exposed recruitment data once notified of the vulnerability. The company launched an investigation to determine how long the information had been publicly accessible and whether it had been accessed by unauthorised parties. Affected job applicants were notified about the breach and advised to be alert for potential phishing attempts or identity theft. First National reported the incident to the Office of the Australian Information Commissioner and reviewed its data handling procedures for recruitment materials. The franchise network implemented enhanced security measures for its application management systems and provided guidance to individual franchisees about proper data protection practices. The breach highlighted the need for organisations to apply the same security standards to recruitment data as they do to customer information. +++

Verification Source: View original statement