Job applicants' data exposed in PageUp breach
The names, contact details, phone numbers and job history of historical clients of online recruitment services company PageUp Limited may have been compromised in the data breach in May, the company has warned.
The breach, first disclosed by the company on 1 June, may have compromised the personal data of some users who had been using the site before 2007.
Investigation to date has found that a small number of error logs from before 2007 that may have been accessed by attackers stored incorrect failed passwords in clear text. Because failed passwords can be similar to correct passwords, this could therefore lead to a compromise of data.
Personal data that may have been exposed includes details on current and former employees of PageUp clients, job applicants and client job references. This potentially includes contact details, biographical details, employment details at the time of the application and the names and contact numbers of references.
No employment contracts, Australian tax file numbers, credit card information or bank account information, applicant resumes were affected in the breach, and there is not yet any indication that any data has been exfiltrated by the attacker.
The federal Attorney-General’s department confirmed to SBS news that some applicants at that agency may have been impacted by the incident.
In a joint statement, the Australian Cyber Security Centre, IDCARE and the Office of the Australian Privacy Commissioner praised PageUp’s proactive and transparent approach to disclosing the potential breach.
“PageUp has committed to advising impacted organisations and individuals if there are any new findings to arise as they complete their investigations,” ACSC Head Alastair MacGibbon said.
“PageUp has demonstrated a commendable level of transparency in how they’ve communicated about, and responded to, this incident: they came forward quickly and engaged openly with affected organisations.”
While IDCARE has assessed the direct risk of identity theft as a result of the incident as unlikely, it noted that other possible risks include exposure to phishing emails, telephone scam calls and other privacy concerns.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.