Ransomware gang BlackSuit claims Herron Todd White breach

A ransomware gang has emerged with an explosive claim that it is behind a major cyber breach at one of the nation’s largest property valuers.

Joseph Lam and Mackenzie Scott

2 min read

7:15PMMay 02, 2024.

Updated 7:49PMMay 02, 2024

The Australian Business Network

Herron Todd White is understood to be the victim of a major cyber breach.

A ransomware gang has emerged with an explosive claim that it is behind a major cyber breach at one of the nation’s largest property valuers.

The breach at property valuation firm Herron Todd White has sparked fears with some of the firm’s biggest customers including Australia’s big four banks, leading to a temporary suspension of valuation work.

The gang, known as BlackSuit, has claimed on the dark web that it has retrieved as much as 300GB of data from HTW. The claim arrives about a month after HTW became aware of the incident.

HTW is one of Australia’s largest valuers of property, employing more than 750 staff across 64 offices. The company has declined requests from media to go into detail on the incident.

Company insiders said they believed the breach related to the company’s legacy system, which was being decommissioned. It is understood HTW became aware of the breach as early as April 5.

The 50-year-old firm values all sizes of property from major developments, rural properties, residential properties and corporate and government portfolios.

The sheer size and reach of the company has sparked fear at some of its largest customers.

Many have taken precautionary measures, temporarily suspending some or all work with the firm. Among them are the big four banks including Westpac, ANZ and NAB who have suspended all new valuation work with HTW.

Australia’s largest bank, CBA, has suspended new commercial and agricultural work with the firm. Macquarie Bank has also given HTW a full suspension from valuation referrals.

The breach has attracted the attention of government, with the Australian Signals Directorate’s Australian Cyber Security Centre understood to be monitoring the situation. It is understood HTW has been in contact with federal agencies and reported the breach, as is required by law within 12 hours of a cyber security incident taking place. While HTW has not given an update on the incident, it put out a statement last month.

“Our monitoring and cybersecurity processes acted to provide early detection, and we have commenced an investigation …” a spokesman said.

• Alarm bells have been sounded after a group of offshore developers in Asia took hostage the personal information of Australian patrons from more than one million visits to licensed clubs and pubs in NSW and the ACT.

The federal government has called in its highest cyber brass to respond to the incident, which involves 16 ClubsNSW member venues and Merivale restaurants, a group of software developers in The Philippines and a data service called Outabox.