PageUP Data Breach

Posted by on Sep 3, 2018 in Info, Security Incidents
No Comments

PageUP?

PageUP is a cloud-based talent management software provider, their software help organisations across the globe to manage their entire employee lifecycle in a single end-to-end system. They serve a global client base across 190 countries – including several Fortune 500 employers – through offices in New York, London, Singapore, Hong Kong, Manila, Melbourne and Sydney.

 

What happened?

On 17 June 2018 PageUP’s CEO and Co-founder posted a statement saying that they have noticed “unusual activity” in their IT infrastructure on 23rd May 2018. It further says that The Company has launched an investigation, while its client companies also released emergency statements to their employees and candidates who had applied for jobs using PageUP’s software.

 

Who is affected?

People who used career portals of the following companies. This is only a small list of Australian companies that use PageUP’s software for recruitment. Please check the careers portals of any company, government department or university where you have applied for a job in the past few years to see if they have posted a notification about the breach.

  • Wesfarmers: Coles, Target, Kmart, Officeworks
  • NAB
  • Telstra
  • Commonwealth Bank
  • Lindt
  • Aldi
  • Linfox
  • Reserve Bank of Australia
  • Australia Post
  • Medibank
  • ABC
  • Australian Red Cross
  • University of Tasmania
  • AGL
  • Jetstar

 

What data was obtained through this incident?

According to PageUP, their Forensic experts have identified that compromised data may be the following.

 

  • Contact details including name, email address, physical address, and telephone number
  • Biographical details including gender, date of birth, and middle name (if applicable), nationality, and whether the applicant was a local resident at the time of the application
  • Employment details at the time of the application, including employment status, company and title.
  • If the application was submitted for a reference check, then the following additional details may have been provided by the reference: technical skills, special skills, team size, length of tenure with company, reason for leaving that position (if applicable), and the length of relationship between the applicant and reference
  • For references who were included with an applicant’s information, contact information (including name, email address, physical address, and telephone number) and employment information at the time the reference was provided (including company, title, and the length of the relationship with the applicant) are affected.

 

Bank Details and TFN?

In some cases, bank details, TFN and superannuation details and drivers license number could be a part of the breach where the applicants were successful in getting the job.

 

Recommendations for people who are affected?

If you are concerned your data may have been accessed by an unauthorised party, we advise you perform the following good security practices:

  • Change your passwords on other online services, if you re-use the same password
  • Enable multi-factor authentication and other available security measures provided by your other online services
  • Be aware of potential phishing emails and telephone calls from businesses or institutions requesting your personal details. Avoid opening attachments from unknown senders via email or social media
  • Install anti-virus software and keep it updated
  • Apply all recommended software patches from operating system and software providers.
  • If you are concerned your bank details may be compromised, contact your bank and tell them what has happened
  • If you suspect your tax file number might be involved in a data breach contact the Australian Taxation Office

 

 

REFERENCES

Pageuppeople.com. (2018). [online] Available at: https://www.pageuppeople.com/unauthorised-activity-on-it-system/ [Accessed 3 Sep. 2018].

ABC News. (2018). What to do if you fear your details may have been compromised. [online] Available at: http://www.abc.net.au/news/2018-06-06/what-to-do-job-seeker-privacy-breach/9842474 [Accessed 3 Sep. 2018].

Reply