In a statement released late on Wednesday, PEXA informed the market that new measures will further safeguard all transactions conducted via the platform.
“We also want to ensure you are kept fully informed of the security measures we have in place, as well as our continuing response to incidents reported in recent days,” the group said.
PEXA confirmed that there have been two incidents that triggered its decision to boost security, one of which saw former MasterChef contestant Dani Venn become the victim of a hacker attack. The criminals allegedly stole $250,000 from the sale of Ms Venn’s property by diverting the settlement funds into a fraudulent bank account set up by the hackers.
“Any reports of fraudulent activity made to PEXA are recorded and escalated internally in line with established procedures,” the company said.
“Following an incident reported to PEXA on 31 May, PEXA sped up existing plans to introduce multi-factor verification. This is on track for delivery within the next few weeks.
“When PEXA was alerted to a second incident, we immediately increased our monitoring of potential unusual activity surrounding password resets, new user creations and changes to BSB and account numbers. We have been actively contacting practitioners to confirm any such activity is legitimate and continue to do so.”
The security breach has prompted PEXA to introduce a new consumer guarantee, the details of which remain unclear. However, the company explained that it anticipates this guarantee will go “above and beyond any guarantee available in the paper-based settlement process and will provide greater safeguards to consumers whose conveyancer or lawyer uses PEXA”.
In addition to its existing cyber security systems and processes, PEXA is assisting the conveyancers and lawyers who use its platform to uphold the highest possible security standards by:
• Reinforcing and strengthening existing scanning measures, including implementing daily monitoring in relation to password reset activity, new users and change of account details, including follow-up with its members.
• Creating new users in an “inactive” mode, meaning only PEXA can activate all new users on its clients’ behalf after confirming the new user with them.
• Introducing Workspace time stamps so clients can see who and when the Workspace was last updated.
• Introducing an additional verification layer upon sign-in.
“We clearly regret the distress felt by those impacted in these two recent events and will ensure all outstanding funds are covered, without condition,” the company said.
“We’re continuing to work with all those involved. You’ll hear more from us shortly outlining our new verification layer and consumer guarantee.”
The incidents have sparked fears over the security of the e-conveyancing platform, which is currently the only one of its kind operating in Australia. A competitor platform will soon be launched by the ASX.
Mortgage Business understands that Western Australia Lands Minister Rita Saffioti has ordered an urgent briefing about PEXA’s security ahead of a decision to force all property sellers in the state to use the platform.
The WA government is an owner of PEXA, along with the Victoria, New South Wales and Queensland state governments, the big four banks, Macquarie Capital, Little Group and Link Group.
[Related: ‘We weren’t hacked’: PEXA reacts to theft of home sale funds]