Wednesday, 06 June 2018 15:58

HR firm PageUp People hit by massive data breach due to malware


HR company PageUp People has suffered a huge data breach due to a malware infection and could have leaked details of personnel from a number of companies which are its clients: the Commonwealth Bank, the Australian Broadcasting Corporation, Telstra, NAB, Coles, Aldi, Medibank, Australia Post, Target, Reserve Bank of Australia, Officeworks, Kmart, Linfox, AMP, Asahi, Sony, Newcrest, the University of Tasmania and Lindt.

The company said in a statement on its website that the breach had been noticed on 23 May and five days later investigations showed that client data may have been compromised.

Chief executive and co-founder Karen Cariss said a third party was providing assistance in a forensic probe into the breach.

"...we can share that the source of the incident was a malware infection," Cariss said. "The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment."

She said that if personal data had been leaked, then it could include name, contact details, ID and authentication data such as usernames and passwords which had been encrypted.

The Australian Cyber Security Centre, Australia's CERT, and the UK National Cyber Security Centre had been informed, Cariss said, adding that PageUp was liaising with the Office of the Australian Information Commissioner.

Australia Post said it was "managing an issue following advice from PageUp, a third-party supplier that has helped us process external job applications since October 2016, that they’ve experienced a system breach".

It added that it had shut down its careers website. Also shutting down jobs websites were Telstra and AGL.

Coles said it had suspended all connections between its systems and those of PageUp until it gauged the extent of the breach.

"We have asked for urgent responses from PageUp and are also conducting our own investigations," the supermarket said in a statement.

"Coles is not currently aware of any fraudulent activity relating to anyone's data occurring as a result of the security breach.

"However, we recommend that any person who has applied online for a position with Coles in the past 18 months check to ensure that there has been no recent unusual activity concerning their personal information and maintain a close watch on the use of their personal information."

Commenting on the breach, Tony Smales, chief executive of security outfit Forticode, said: "An unfortunate side-effect for them will be the loss of trust in their brand and service."

He said as PageUp had a global customer base, the company would come under both Australia's mandatory data breach law and also the General Data Protection Regulation in the EU "where the fines can be significant – especially if health, financial or government associated information is breached such as social security".

Smales said as people would have provided personal and identifying information (such as past workplaces, contact details for referees, birthplace and addresses) to PageUp, the breach would directly affect not just them, "but the entire industry which places trust in these services".

An additional implication was that a complete profile could be built from the data that had leaked, he said. "A thought I often have in this age is when such a fraud event occurs, who will the insurance companies come after? This is on top of any legislative events or fines issued by government.

"If Company A loses your TFN and then a fraud event happens with the ATO, using that TFN, who should ultimately shoulder the accountability associated to that event? The company that asked you to put your information into Company A? Company A itself? The Insurer? You? Or the ATO? It’s a bit of a hornets' nest."

Smales added that it would be possible for those whose details had been leaked to be easily drawn into phishing scams.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
