Australia’s dominant digital property settlement platform, PEXA, has revealed that it thwarted over six million attempts to invade its system in the last financial year.
At a recent parliamentary inquiry, Eglantine Etiemble, Group Chief Technology Officer at PEXA, raised concerns that her company has been subjected to increased cybersecurity risks.
“We have seen the risk increasing. Last year, we had to stop 6.5 million intrusion attempts,” she told the Economics References Committee.
“This is very consistent with the pressure we are seeing both on the financial market and particularly in Australia. So we are in the eye of the storm.”
This represented a 25 percent increase from 2023 and the highest annual total since the introduction of mandatory data breach notification requirements in 2018.
To counter rising threats, Etiemble said PEXA has invested nearly $10 million (US$6.61 million) in cybersecurity, with spending to increase in the coming period.
“We have a series of certifications and compliance that we are monitoring very carefully, [and] we are having quite sophisticated approaches in terms of encryption, segregation of data, classification of our data, etc,” she said.
“When it comes to the conversation and the engagement in [the prudential standard] CPS 230, there are really two things that we have been looking at—the clarity and the demonstration that our data are well and safely guarded, [and] how we recover from the platform from a disaster recovery.”
PEXA Says It’s a Responsible Data Custodian
A committee member questioned PEXA about the implications of its control over nationwide data on property ownership, transactions, mortgages, and settlements, and whether it is appropriate for the company to do so given its monopoly over Australia’s e-conveyancing market.In response, Clare Gill, Chief Regulatory and Corporate Affairs Officer at PEXA, said the aforementioned data is held by the land registry’s office.
While Gill acknowledged that her company holds “some data,” she said the process was strictly regulated.
Regarding whether it is in the public’s best interest for PEXA to hold sensitive data as a monopolistic business, Gill said it was a matter for policymakers to consider following the privatisation of the company.
“We make sure that we actually address what our customers need, [and] what our stakeholders need, but in relation to whether that’s appropriate or not, that really is a question for policymakers,” she said.
“All we say is that we believe we’re a responsible custodian of the data we hold. There’s a lot of data that is held by the land registry officers, which sometimes is perceived that we hold, but we don’t.”
At the same time, PEXA CEO Russell Cohen confirmed that the company does not sell any data it holds, which is a common practice among businesses.
“We do not sell property data. We have two separate businesses that deal specifically in property insights,” he said.
“They do not use PEXA data. They do not access the PEXA data. They do not monetise it anyway. They’re completely standalone and separate.”
Cohen’s comments were echoed by Gill, who said these two subsidiaries used data from the Australian Bureau of Statistics and commercially available data.
She also noted that it’s prohibited for PEXA to use the data it holds to support its subsidiary businesses under the current model operating rules.







