Job sites hit by PageUp breach
Major firms are pulling pages provided by recruitment company PageUp after reports client data may have been compromised.
Australia’s top universities, AusPost, Medibank, Coles, Telstra, Jetstar, Target, NAB, Suncorp, Commonwealth Bank, Lindt, Aldi, and the Reserve Bank of Australia were all affected by the breach, leading many to temporarily halt their jobs pages.
PageUp’s systems were reportedly compromised by malware that allowed an unknown third party to access some internal systems.
The company says documents “including signed employment contracts and resumes” that it collected are “stored on different infrastructure” that was not improperly accessed.
Part of the reason the breach came to light is because of mandatory data breach notification laws, which now require businesses and agencies covered by the Privacy Act to announce when they are affected by a data breach.
“We have notified the Australian Cyber Security Centre (ACSC) and engaged with Australia’s Computer Emergency Response Team (CERT), who may notify the Australian Federal Police,” PageUp said.
The ABC has added a message to its careers site saying it has been suspended “to ensure we can protect candidate data”.
“As soon as this is operational, we will resume advertising vacant roles. In the meantime we cannot accept any applications.”
Bankwest’s careers page says applications are “closed”, while both Myer and David Jones say they have taken the “precautionary” measure of closing their jobs pages.
Local government pages including the City of Yarra, City of Monash, Mitchell Shire Council and the City of Casey have taken similar precautions, while the Tasmanian Government has put recruitment on hold too.