Australia Post is warning employees that their personal information may have been compromised after a possible breach of data held by cloud-based human resources (HR) software provider PageUp.
The Australian software-as-a-service vendor has revealed that its clients' data may have been compromised after the company detected "unusual activity" in May.
The company's system was infected with malware, which has subsequently been removed, according to the software vendor.
PageUp's customers include Telstra, Michael Hill, Linfox Armguard Group and Australia Post.
On 5 June, Australia Post advised that it was writing to all employees whose applications had come through the system since it began using PageUp to let them know how the potential breach may affect them.
"We recommend that they and others who have used our online recruitment system from October 2016 check that there has been no unusual activity concerning their personal information," Australia Post advised.
PageUp informed customers that details such as users' names and contact details could have been breached, as well as usernames and passwords. However, passwords were encrypted, the company said.
Australia Post revealed that the information that may have been breached is more extensive in the case of successful applicants, and would have included personal information such as bank details, tax file number and superannuation details, diversity information, emergency contact information, conditions of offer and employment and other details.
Telstra advised it has suspended the use of PageUp services while the investigation into the issue takes place.
"This includes all current recruitment activity that has not been progressed past a written offer being placed on hold," the telco said in a blog post on 6 June.
At this stage, it is unclear how the malware gained access to PageUp's system, as the software vendor is unable to give details while the investigation is ongoing.
On its website, PageUp said that it had detected unusual activity on 23 May and immediately launched a forensic investigation.
Five days later, the initial investigation indicated that client data may have been compromised. Investigations are still ongoing, the company said.
PageUp said that there is currently no evidence of an active threat and the jobs website can continue to be used. The company also stressed that all passwords were encrypted, but encouraged users to change their current passwords.
"We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter," the company said.
PageUp informed the Australian Cyber Security Centre (ACSC), and engaged with Australia’s Computer Emergency Response Team (CERT) and the Office of the Australian Information Commissioner (OAIC), about the malware infection. The company said that the Australian Federal Police may be notified.
The company, which is headquartered in Victoria with a presence in the UK, the US, Hong Kong, Singapore and the Philippines, also informed the UK Information Commissioner’s Office (ICO). PageUp will also be informing the UK National Cyber Security Centre (NCSC).
PageUp said that documents, including signed employment contracts and resumes, are stored on different infrastructure and therefore could not have been affected.
Australia Post's warning about the PageUp issue comes as online genealogy platform MyHeritage reveals that it had been advised by a security researcher of a file named myheritage, containing email addresses and hashed passwords, on a private server outside of MyHeritage.
MyHeritage confirmed on 4 June that the contents of the file came from MyHeritage and included all the email addresses of more than 92 million users who signed up to MyHeritage up to 26 October 2017, and their hashed passwords.
"There has been no evidence that the data in the file was ever used by the perpetrators," the company said in a statement. "Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised."