‘We weren’t hacked’: PEXA responds to theft of home sale funds

Recent media reports have revealed that former MasterChef contestant Dani Venn was the victim of a hacker attack. The criminals allegedly stole $250,000 from the sale of Ms Venn’s property by diverting the settlement funds into a fraudulent bank account set up by the hackers.

It is understood that the hackers gained access to Ms Venn’s conveyancer’s email account, accessed emails from PEXA and added themselves to the PEXA system as a user.

The news comes as a significant blow to the e-conveyancing platform, which is owned by a number of Australian banks and state governments. PEXA has been busy preparing for an ASX listing reportedly worth $1 billion.

PEXA’s acting CEO, James Ruddock, said that once the group found out about the situation, it offered Ms Venn a loan to cover the full amount remaining of the missing funds on an interest-free basis so she could settle on her new property without further delay.

“It made sense to us to help Ms Venn and her family through this while her practitioner works through his insurance claim,” the CEO said.

“That offer still stands and we are happy to get it all moving right now. We feel for Dani and her family. We weren’t hacked — and Dani’s family were the victims of a cyber fraud. Perhaps working together, we can get her settlement done and her family into their new home.”

According to Mr Ruddock, when PEXA was alerted to the fraud late last week, the company immediately increased its monitoring of potential unusual activity surrounding password resets, new user creations and changes to BSB and account numbers.

“We have been actively contacting practitioners to confirm any such activity is legitimate. No new instances of this fraud have been found and these continue to be isolated incidents.”

Mr Ruddock stressed that the PEXA system itself wasn’t hacked. Nevertheless, the group has begun work with the network, developing additional alerts and processes to further enhance confidence in the system.

“As of this week, PEXA will only allow new users to be created in an inactive status, meaning PEXA itself will need to enable them. In addition, we’ll be adding a feature to the system which highlights the date, time and specific user that last updated the settlement schedule,” the CEO said.

“It’s important to note that funds cannot be misdirected unless the practitioner physically signs off on the fraudulent account details using their bespoke digital certificate and accompanying password. This would mean a final check of the details the practitioner is signing off on didn’t occur in the specific instances. Again, we have actively communicated to practitioners that this must occur.”

Over $150 billion worth of property has been transacted electronically via PEXA since it was established in 2010 to fulfil the Council of Australian Governments’ (COAG) initiative to deliver a single, national e-conveyancing solution to the Australian property industry. It was originally known as National e-Conveyancing Development Limited.

Its dominance of the electronic property settlement could soon be rocked by the announcement of a competitor earlier this month, a joint venture called Sympli forged by the ASX Limited and ATI, which owns InfoTrack. 

The new company says that the electronic property settlement industry in Australia is estimated to have potential revenues in excess of $200 million.

Meanwhile, Sympli expects to begin operations towards the end of 2018, subject to regulatory approvals, and the ASX expects to invest approximately $30 million in the new venture over this and the next two financial years.

[Related: ASX, Infotrack to take on PEXA]