Sydney-based law firm Centennial Lawyers is investigating the prospects of a class action against Australian human resources software vendor PageUp, after it flagged a potential breach of clients’ data following a malware hit earlier this year.
Telstra, Jetstar and the Tasmanian Government are among several local organisations to have temporarily suspended their use of the PageUp platform, while Australia Post warned employees that their personal information may have been compromised.
PageUp informed customers that details such as name and contact details of users could have been breached as well as usernames and passwords following the "unusual activity" in May.
However, the company stressed that clients’ passwords were encrypted, the company said.
“There is no evidence that there is still an active threat, and the jobs website can continue to be used,” PageUp said on its website. “All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”
Now, Centennial Lawyers has said it is reaching out to job seekers and employees of more than 15 companies as it explores the prospect of a class action against PageUp over the potential breach.
“While there have been major successful class actions in the US and Canada against Yahoo and Ashley Maddison for mass data breaches, similar class actions are only now starting to be issued in Australia,” Centennial Lawyers principal solicitor George Newhouse said.
“We are proud to be at the leading edge of this area of law to reaffirm the importance of protecting people’s data which contains personal, sensitive or confidential information,” he said.
Centennial Lawyers is encouraging any employees or job applicants from the several companies thought to have been using the PageUp’s cloud-based software services to contact it as it investigates whether a class action against the software vendor is viable.
The companies cited by Centennial Lawyers include Coles, Target, Kmart, Officeworks, National Australia Bank, Telstra, Lindt and Aldi.
The list also includes Linfox, the Reserve Bank of Australia, Australia Post, Medibank, the ABC, Australia Red Cross, the University of Tasmania and AGL.
Centennial Lawyers is no stranger to undertaking legal action over privacy issues, with the law firm last year filing a class action lawsuit against the NSW Ambulance Service in the Supreme Court of NSW.
The plaintiff in that case alleged that a contractor was allowed to access personal medical and workers compensation information of over 100 Ambulance Service employees.