Read Time 2 mins | 30 October 2025
This is an ongoing investigation. This article will be updated as more information becomes available.
The Australian real estate industry may be facing a significant cyberattack. The threat actor "Radar" claims to have compromised Sold Real Estate, One Agency Eastlakes, and UrbanX, all on the same day. However, the validity of these claims remains uncertain, with evidence suggesting the attack may be fabricated or overstated.
Timeline of Events
17 October 2025 – According to the threat actor, the compromise occurred on this date.
17 October 2025 – The breach listings appeared on dark web leak sites.
13 November 2025 – If ransom demands are not met, the full dataset is scheduled to be published on this date.
The Claims
The threat actor claims to have compromised:
- Sold Real Estate
- One Agency Eastlakes
- UrbanX
- 4 conveyancing firms (names not disclosed)
- 2 law firms (names not disclosed)
- Passport information
Inconsistency: Rivanorth has identified significant red flags in the claims. Much of the information provided regarding One Agency Eastlakes and UrbanX appears to be duplicated, which may indicate the attacker's claims are not legitimate.
Supply Chain Implications
What makes this incident particularly noteworthy is the potential supply chain impact. Even if the primary real estate companies were not directly breached, the involvement of conveyancers, law firms, and passport data suggests that downstream partners and service providers may have been compromised instead.
This is a recurring theme in modern cybersecurity: organisations can maintain robust security postures, yet still have their data exposed through third-party vendors and partners. The interconnected nature of the real estate transaction process, which involves multiple parties handling sensitive personal and financial information, creates numerous potential points of failure.
Three Possible Outcomes
Based on the available evidence, there are three potential scenarios:
1. Complete Fabrication – The attacker's claims are entirely false, and no legitimate data breach has occurred. The duplicate information and lack of substantial proof support this possibility.
2. Significant Industry Breach – The claims are genuine, and we are dealing with a sizeable compromise affecting multiple entities in the Australian real estate sector.
3. Extensive Supply Chain Breach – The situation is worse than initially claimed, with additional third parties exposed through compromised service providers, creating a cascading effect throughout the industry.
What We're Watching
With the data not scheduled for release until 13 November 2025, it remains difficult to make a definitive assessment. The coming days will be crucial in determining whether this represents a genuine security incident or an elaborate bluff by the threat actor.
The duplication of data samples is particularly suspicious and warrants scepticism about the legitimacy of these claims. However, the mention of conveyancers, law firms, and passport information suggests a more complex attack vector that may involve third-party service providers rather than the named real estate companies themselves.
Supply Chain Impact Analysis
All third-party security implications will be available in Rivanorth Oko. Once the full data drop occurs (if it happens), we'll have comprehensive third-party impact analysis available, helping you understand your supply chain exposure immediately.