PageUp IT breach story ropes in big trans­port firms

Australian Transport News - - CONTENTS -

Lin­fox and Aus­tralia Post have been swept up in a mal­ware breach at hu­man re­sources ser­vices firm PageUp, af­ter the tal­ent man­age­ment sys­tem was com­pro­mised

LIN­FOX AND AUS­TRALIA POST have been swept up in a mal­ware breach at hu­man re­sources ser­vices firm PageUp, af­ter the tal­ent man­age­ment sys­tem was com­pro­mised at the cloud-based soft­ware pur­veyor.

PageUp counts Lin­fox and Aus­tralia Post amongst its clients and fea­tures Lin­fox and sub­sidiary Ar­ma­guard tes­ti­mo­ni­als on its web­site.

Aus­tralia Post told ATN that it is “ur­gently” seek­ing clar­ity from PageUp to de­ter­mine if any per­sonal in­for­ma­tion had been com­pro­mised by the job ap­pli­ca­tion sys­tem breach.

It told ap­pli­cants that in­for­ma­tion such as bank de­tails, tax file num­bers and su­per­an­nu­a­tion de­tails may have been at risk, the Aus­tralian Fi­nan­cial

Re­view re­ports. “We are in the process of con­tact­ing job ap­pli­cants to no­tify them of this in­ci­dent and to ad­vise them of steps to pre­vent any po­ten­tial mis­use of in­for­ma­tion. As a proac­tive step, we have also ceased use of PageUp’s sys­tems while we seek as­sur­ances from PageUp about data se­cu­rity,” a spokesper­son told ATN.

“Aus­tralia Post has also no­ti­fied the Of­fice of the Aus­tralian In­for­ma­tion Com­mis­sioner (OAIC) of the mat­ter.”

In a state­ment, Lin­fox says it had not been able to con­firm whether data from its job ap­pli­cants had been com­pro­mised, adding that it was seek­ing fur­ther in­for­ma­tion about the breach.

“Once we know the ex­tent of the is­sue we will email all ap­pli­cants whose ap­pli­ca­tions have been sub­mit­ted through PageUp to let them know how this is­sue may af­fect them,” it says.

In the mean­time, it had also de­ac­ti­vated its PageUp sys­tem, re­moved ac­cess to its sys­tems from the web­site and brought to­gether a cross-func­tional team to man­age the is­sue.

PageUp says there was no ev­i­dence there was still an ac­tive threat to its sys­tem and that the jobs web­site could con­tinue to be used.

“On May 23, 2018, PageUp de­tected un­usual ac­tiv­ity on its IT in­fra­struc­ture and im­me­di­ately launched a foren­sic in­ves­ti­ga­tion,” it says.

“On May 28, 2018 our in­ves­ti­ga­tions re­vealed that we have some in­di­ca­tors that client data may have been com­pro­mised, a foren­sic in­ves­ti­ga­tion with as­sis­tance from an in­de­pen­dent 3rd party is cur­rently on­go­ing.

“We take cy­ber se­cu­rity very se­ri­ously and have been work­ing to­gether with in­ter­na­tional law en­force­ment, gov­ern­ment au­thor­i­ties and in­de­pen­dent se­cu­rity ex­perts to fully in­ves­ti­gate the mat­ter,” the com­pany says.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.