PageUp concedes personal customer data was probably accessed
- 12 June, 2018 12:22
Cloud-based human resources (HR) software provider PageUp has revealed that personal data relating to its clients, placement agencies, applicants, references and employees was probably accessed.
On 5 June, PageUp announced that its clients' data could have been compromised after the company detected "unusual activity" in 23 May.
The company's system was infected with malware, which has subsequently been removed, according to the software vendor.
Now, PageUp has said in a statement that, while the investigations are ongoing, the company believes data was accessed.
"While investigations continue, on the balance of probabilities, we believe certain personal data relating to our clients, placement agencies, applicants, references and our employees has been accessed," PageUp CEO and co-founder Karen Cariss explained.
Based on the information the company had at the time of writing, the data that was potentially accessed included names, street addresses, email addresses, and telephone numbers.
"Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques including hashing and salting and therefore is considered to be of very low risk to individuals," Cariss said.
On 6 June, Australia Post warned employees that their personal information could have been compromised after PageUp's malware infection.
"We recommend that they and others who have used our online recruitment system from October 2016 check that there has been no unusual activity concerning their personal information," the Australia Post advised.
PageUp informed customers that details such as name and contact details of users could have been breached as well as usernames and passwords. However, passwords were encrypted, the company said.
Australia Post revealed that the information that may have been breached is extended in the case of successful applicants, and would have included personal information such as bank details, tax file number and superannuation details, diversity information, emergency contact information, conditions of offer and employment and other details.
On the same day, Telstra advised it has suspended the use of PageUp services while the investigations into the issue takes place.
PageUp said the threat has been contained and eradicated.
Sydney-based law firm Centennial Lawyers said on 8 June it is investigating the prospects of a class action against PageUp following the breach.
Centennial Lawyers has said it is reaching out to job seekers and employees of more than 15 companies as it explores the prospect of a class action against PageUp over the potential breach.
Centennial Lawyers is encouraging any employees or job applicants from the several companies thought to have been using the PageUp’s cloud-based software services to contact it as it investigates whether a class action against the software vendor is viable.