Read Time 3 mins | 30 October 2025
This is an ongoing investigation. This article will be updated as more information becomes available.
Last updated: 17 November 2025.
The Australian real estate industry may be facing a significant cyberattack. The threat actor "Radar" claims to have compromised Sold Real Estate, One Agency Eastlakes, and UrbanX, all on the same day. However, the validity of these claims remains uncertain, with evidence suggesting the attack may be fabricated or overstated.
Timeline of Events
17 October 2025 – According to the threat actor, the compromise occurred on this date.
17 October 2025 – The breach listings appeared on dark web leak sites.
13 November 2025 – The scheduled data release date (13 November) passed without the threat actor publishing the data.
20 December 2025 – New deadline listed for all three affected companies. The reason for the extension remains unknown.
Latest Developments
The originally scheduled data release date of 13 November 2025 has passed without any publication of the claimed dataset. All three affected companies now show a revised deadline of 20 December 2025 on the threat actor's leak site.
The reason for this extension is currently unknown. Several possibilities exist: ongoing ransom negotiations, technical difficulties on the attacker's end, or further evidence supporting the fabrication theory outlined earlier in this analysis.
The duplication of data samples remains particularly suspicious and warrants continued scepticism about the legitimacy of these claims. However, the mention of conveyancers, law firms, and passport information continues to suggest a more complex attack vector that may involve third-party service providers rather than the named real estate companies themselves.
The extended deadline provides additional time for affected organisations to conduct thorough security assessments and for the industry to prepare for potential data exposure, should the claims prove legitimate.
The Claims
The threat actor claims to have compromised:
- Sold Real Estate
- One Agency Eastlakes
- UrbanX
- 4 conveyancing firms (names not disclosed)
- 2 law firms (names not disclosed)
- Passport information
Inconsistency: Rivanorth has identified significant red flags in the claims. Much of the information provided regarding One Agency Eastlakes and UrbanX appears to be duplicated, which may indicate the attacker's claims are not legitimate.
Supply Chain Implications
What makes this incident particularly noteworthy is the potential supply chain impact. Even if the primary real estate companies were not directly breached, the involvement of conveyancers, law firms, and passport data suggests that downstream partners and service providers may have been compromised instead.
This is a recurring theme in modern cybersecurity: organisations can maintain robust security postures, yet still have their data exposed through third-party vendors and partners. The interconnected nature of the real estate transaction process, which involves multiple parties handling sensitive personal and financial information, creates numerous potential points of failure.
Three Possible Outcomes
Based on the available evidence, there are three potential scenarios:
1. Complete Fabrication – The attacker's claims are entirely false, and no legitimate data breach has occurred. The duplicate information and lack of substantial proof support this possibility.
2. Significant Industry Breach – The claims are genuine, and we are dealing with a sizeable compromise affecting multiple entities in the Australian real estate sector.
3. Extensive Supply Chain Breach – The situation is worse than initially claimed, with additional third parties exposed through compromised service providers, creating a cascading effect throughout the industry.
Supply Chain Impact Analysis
All third-party security implications will be available in Rivanorth Oko. Once the full data drop occurs (if it happens), we'll have comprehensive third-party impact analysis available, helping you understand your supply chain exposure immediately.