On Tuesday, 28th October 2025, we detected unusual activity on our website by an unknown third-party. We took immediate steps and blocked the activity; and since then, no additional access has been identified through our security monitoring processes.  

As part of that incident, we can confirm that personal information was accessed for 26,005 individuals. If you were one of the affected individuals, an email was sent to your provided email on Monday, 3rd November 2025.

What specific data was accessed?

Our cyber security team has undertaken an investigation and we can confirm that the following types of personal information were accessed:

For impacted registered users (“consumers”), some or all of the following: 

• Name
• Email address
• Telephone Number
• Property Address

For impacted agents (“agents”), some or all of the following: 

• Name
• Business Email address
• Business Telephone Number
• Agency Name

As a reminder, no credit card details, personal financial information, passwords or identity details (e.g. driver’s licence) are collected or stored within OpenAgent’s database.

What steps can I take to protect myself?

If you have been affected, we recommend that you take the following general precautionary steps and remain alert to any misuse of your personal information:

• Remain vigilant against any suspicious contact, especially through email, text messages or telephone calls in relation to agent recommendations. 
  • If you are a consumer, OpenAgent provides you with a free agent recommendation service. We will not contact you to request financial information or payments. If you receive communication from OpenAgent requesting information, including payment of an invoice or banking details, it is a scam.
  • If you have appointed a real estate agent or are in discussions with real estate agents, please contact them directly if anything looks suspicious. 
• If you are an agent, communications from OpenAgent regarding leads will come from updates@mg.openagent.com.au. Any billing requests or invoices will only come from messaging-service@post.xero.com. If you receive an invoice or request for payment details from an alternate email, you can contact us on agents@openagent.com.au to verify its authenticity.
• In all circumstances, always independently verify the identity of the caller by contacting them on a number available through official channels. 
• Implement two-factor (or multi-factor) authentication, such as using an authenticator app, for your personal email and all other online accounts where it is available.
• Stay informed and regularly check for news, alerts and advisories:
  • The Australian Cyber Security Centre. You can sign up for alerts at https://www.cyber.gov.au/about-us/register.   
  • The National Anti-Scam Centre's Scamwatch webpage. Customers who believe they have been targeted by scammers should report it to Scamwatch here: https://www.scamwatch.gov.au/report-a-scam.
• Visit IDCARE's Learning Centre. If you are concerned about identity theft, you can contact IDCARE through their online Get Help form.
• Visit the Office of the Australian Information Commissioner website for additional information and tools to help safeguard your personal information.

Support available

You put your trust in us with your personal information, and we take that responsibility very seriously. If you have any concerns or questions, please contact our team on our dedicated helpline:

Email: cyber@openagent.com.au
Phone: +61291000060

We sincerely apologise for this unfortunate situation.

Regards,
Zoe & Jo
Co-CEOs OpenAgent