The Office of the Australian Information Commissioner (OAIC) has confirmed it is in contact with the Australian Cyber Security Centre over the suspected compromise of client data involving PageUp People Limited, the provider of human resources services for a number of Australian entities.
In a released statement, Karen Cariss, CEO and Co-Founder of PageUp stated that on May 23, 2018, the company detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. Five days later the investigations revealed indicators that client data may have been compromised. An independent third party investigation is currently ongoing and company noted it is also working with international law enforcement and government authorities.
Despite the reported compromise, the company has confirmed, “There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”
The Notifiable Data Breaches (NDB) scheme commenced on 22 February 2018 and requires organisations to notify affected individuals and the OAIC where there is a likely risk of serious harm to any of the individuals whose personal information is involved in an eligible data breach.
The OAIC has published a number of resources for those affected by a data breach and action they can take: https://www.oaic.gov.au/individuals/data-breach-guidance.
If anyone has concerns about this incident they can, in the first instance, contact PageUp at security-enquiries@pageuppeople.com, and if not satisfied with their response they can contact the OAIC at www.oaic.gov.au or on 1300 363 992.
