Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National
national technology reporter Danny Tran

Hotel and property giant Meriton hit by data hack, personal documents may be at risk

Information about Meriton staff's salaries, disciplinary history and performance appraisals may have been accessed. (ABC News: Adam Wyatt)

One of Australia's biggest property giants has been hit by cybercriminals who may have made off with highly sensitive personal data including birth certificates and bank details, as well as information about salaries and disciplinary proceedings.

Guests and staff members employed by Meriton were affected by the data breach when hackers struck the luxury developer on January 14 this year.

The incident compelled the company to warn approximately 1,889 people to take steps to protect themselves.

Meriton staff members were the most intimately stung by the hack, with the company warning them that cybercriminals may have accessed details of their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals.

The company also said staff health information may have been accessed.

Meanwhile, guests who stayed with Meriton were told that their contact information may have been compromised.

They were also told their health information — which would include any details recorded in incident reports, such as when an ambulance is called for an injury — was potentially exposed too.

Meriton is best known for its luxury hotels and apartments but also leases and sells commercial properties.

It was founded by property developer Harry Triguboff, who according to the Australian Financial Review is Australia's sixth-richest man and is estimated to be worth $21.2 billion.

In a statement, Meriton confirmed to the ABC that it was the victim of a "cybersecurity incident" which compromised 35.6 gigabytes of data, and which it attributed to an "unidentified third party".

Meriton said it had taken all the "appropriate" steps including notifying guests and workers affected, as well as informing the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC).

The OAIC has now closed its file on Meriton.

In letters sent to both guests and staff members, Meriton urged those affected to keep an eye on their banking statements and warned them to be wary of scams.

"We have no evidence that this cyber incident was directed towards any specific individual, and our investigation has revealed no evidence that your information has been misused," the company said.

"We have been working closely alongside leading cybersecurity and forensic IT professionals and taking all available steps to protect against future risk to data and prevent recurrence."

Meriton also promised guests and staff it was implementing enhanced cybersecurity measures to protect the company's IT networks.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.