E-Conveyancing Giant Says It Stopped 6.5 Million Cyber Intrusion Attempts in 2024

‘This is very consistent with the pressure we are seeing both on the financial market and particularly in Australia,’ said CTO Eglantine Etiemble.
E-Conveyancing Giant Says It Stopped 6.5 Million Cyber Intrusion Attempts in 2024
An employee types on a computer keyboard at the headquarters of Internet security giant Kaspersky in Moscow, Russia, on Oct. 17, 2016. Kirill Kudryavtsev/AFP via Getty Images
|Updated:
0:00

Australia’s dominant digital property settlement platform, PEXA, has revealed that it thwarted over six million attempts to invade its system in the last financial year.

At a recent parliamentary inquiry, Eglantine Etiemble, Group Chief Technology Officer at PEXA, raised concerns that her company has been subjected to increased cybersecurity risks.

“We have seen the risk increasing. Last year, we had to stop 6.5 million intrusion attempts,” she told the Economics References Committee.

“This is very consistent with the pressure we are seeing both on the financial market and particularly in Australia. So we are in the eye of the storm.”

According to the Office of the Australian Information Commissioner (OAIC), the agency received 595 data breach notifications between July and December 2024, raising the annual total to 1,113.

This represented a 25 percent increase from 2023 and the highest annual total since the introduction of mandatory data breach notification requirements in 2018.

Some of the most high-profile data breaches in 2025 include the Qantas Airways hack, which exposed the personal information of 5.7 million Australians.

To counter rising threats, Etiemble said PEXA has invested nearly $10 million (US$6.61 million) in cybersecurity, with spending to increase in the coming period.

“We have a series of certifications and compliance that we are monitoring very carefully, [and] we are having quite sophisticated approaches in terms of encryption, segregation of data, classification of our data, etc,” she said.

“When it comes to the conversation and the engagement in [the prudential standard] CPS 230, there are really two things that we have been looking at—the clarity and the demonstration that our data are well and safely guarded, [and] how we recover from the platform from a disaster recovery.”

The chief technical officer also noted that her company has been proactively engaging with commercial banks to ensure it can meet their cybersecurity requirements.

PEXA Says It’s a Responsible Data Custodian

A committee member questioned PEXA about the implications of its control over nationwide data on property ownership, transactions, mortgages, and settlements, and whether it is appropriate for the company to do so given its monopoly over Australia’s e-conveyancing market.

In response, Clare Gill, Chief Regulatory and Corporate Affairs Officer at PEXA, said the aforementioned data is held by the land registry’s office.

While Gill acknowledged that her company holds “some data,” she said the process was strictly regulated.

Regarding whether it is in the public’s best interest for PEXA to hold sensitive data as a monopolistic business, Gill said it was a matter for policymakers to consider following the privatisation of the company.

“We make sure that we actually address what our customers need, [and] what our stakeholders need, but in relation to whether that’s appropriate or not, that really is a question for policymakers,” she said.

“All we say is that we believe we’re a responsible custodian of the data we hold. There’s a lot of data that is held by the land registry officers, which sometimes is perceived that we hold, but we don’t.”

At the same time, PEXA CEO Russell Cohen confirmed that the company does not sell any data it holds, which is a common practice among businesses.

“We do not sell property data. We have two separate businesses that deal specifically in property insights,” he said.

“They do not use PEXA data. They do not access the PEXA data. They do not monetise it anyway. They’re completely standalone and separate.”

Cohen’s comments were echoed by Gill, who said these two subsidiaries used data from the Australian Bureau of Statistics and commercially available data.

She also noted that it’s prohibited for PEXA to use the data it holds to support its subsidiary businesses under the current model operating rules.

Google LogoMark Us Preferred on Google
Alfred Bui
Alfred Bui
Author
Alfred Bui is an Australian reporter based in Melbourne and focuses on local and business news. He is a former small business owner and has two master’s degrees in business and business law. Contact him at [email protected].