An Australian real-estate agent was impacted by a cyber incident, with more than 17,300 customer records potentially exposed.

According to the reports, the data allegedly published on a hacking forum included customer names, email addresses, mobile numbers, addresses, business interest details, property price ranges and enquiry timestamps. The company has confirmed it is aware of the claims and is investigating the incident with cyber security advisors.

While investigations are ongoing, the incident highlights an important cyber risk for Australian businesses: even general enquiry data can become highly valuable when accessed by threat actors.

 Customer enquiry information may seem low-risk compared to financial records or identity documents, but in the hands of cyber criminals it can be used to create highly targeted scams. The key issue is not only whether a business stores highly sensitive data, it is whether the data it holds could be used to target customers, staff, suppliers or business partners in a convincing way.

 Many businesses today collect enquiry forms, contact details, online requests, CRM records, email trails and customer notes as part of normal operations. If those systems are not properly secured, monitored, and maintained, they can become a pathway for reputational damage, privacy concerns and downstream fraud.

Businesses should use incidents like this as a reminder to review how customer data is collected, stored, accessed, and protected. This includes checking whether old records are still required, whether access is restricted to the right staff, whether multi-factor authentication is enabled, and whether systems are regularly patched and monitored.