Human resources company, PageUp, admits to “unusual activity” in its IT infrastructure, which could potentially compromise the bank, tax and personal details of thousands of major Australian businesses and individuals.
The HR systems provider, who reportedly has two million active users across 190 countries, has issued a statement saying its IT system could have been breached on May 23, with Australia Post claiming Tax File Numbers, superannuation details, home addresses and drivers license details could have been exposed to hackers.
PageUp deals directly with a number of Australian retailers, including the likes of Target, Kmart, Coles, and Officeworks, as well as big-name businesses, such as the Reserve Bank of Australia, NAB and Australia Post.
Any individuals who have applied for a job with these businesses, or via the PageUp HR software, could have had their personal information stolen.
In most instances, it’s believed the names and email addresses of job applicants is the only data that’s likely to have been compromised. However, in light of strict Mandatory Data Breach Reporting laws, which have been in place since February, the company is reportedly taking every step to ensure the security of its clients’ details.
PageUp’s Chief Executive, Karin Cariss has confirmed that an investigation has been launched and that emergency statements have been released to its clients. It’s believed any businesses who run recruitment through the HR software are also issuing statements to employees and candidates who have applied for a job via the software system in the past.
Australia Post is among the businesses advising job applicants of the issue.
“As a proactive step, we have also ceased use of PageUp’s systems, while we seek assurance from PageUp about data security,” an Australia Post spokesperson said.
A statement has also been issued on Coles’ career page on its website, acknowledging its use of the ‘compromised’ software, saying the company has “suspended all connections” between its own systems and that of PageUp.
According to the ABC, cyber security expert, Nigel Phair, has said this appears to be the first major incident since the new data breach laws were enforced.
As part of the new Australian laws, any businesses who suspect their systems have been breached must immediately report the incident to the Australian Cyber Security Centre and any clients who could have been affected.