Se­cu­rity rush af­ter re­cruit­ment hack

Marlborough Express - - FRONT PAGE -

Health in­surer Nib has sus­pended use of third-party e-re­cruit­ment plat­form Pageup fol­low­ing news that job ap­pli­cants’ data was hacked.

Nib New Zealand chief ex­ec­u­tive Rob Hen­nin said the com­pany, which had been us­ing Pageup since 2016, was made aware two weeks ago of a data se­cu­rity in­ci­dent.

He said cus­tomer in­for­ma­tion had not been af­fected by the hack.

Pageup, which has 2.6 mil­lion users in 190 coun­tries, con­firmed its client data was ac­cessed by ‘‘unau­tho­rised per­sons’’ in a May 23 mal­ware at­tack.

Syd­ney-based Pageup said on its web­site that job ap­pli­cants’, em­ploy­ees’ and for­mer em­ploy­ees’ names, email and phys­i­cal ad­dresses, phone num­bers, bio­graph­i­cal de­tails such as date of birth, gen­der, coun­try of res­i­dence, and em­ploy­ment de­tails might have been com­pro­mised.

But no em­ploy­ment con­tracts, ap­pli­cant re­sumes, tax file num­bers, credit card in­for­ma­tion or bank ac­count in­for­ma­tion were af­fected.

Pageup said the hack had been erad­i­cated and cy­ber-se­cu­rity pro­fes­sion­als were re­view­ing its sys­tems to im­prove se­cu­rity.

As­so­ciate Pro­fes­sor Lech Janczewski, an in­for­ma­tion se­cu­rity ex­pert at the Univer­sity of Auck­land, said there wasn’t much ap­pli­cants us­ing on­line re­cruit­ment plat­forms could do.

But in this par­tic­u­lar breach, peo­ple could take comfort in know­ing most of the in­for­ma­tion hacked was al­ready pub­licly avail­able, he said.

‘‘For the most part it is a big storm in a teacup, be­cause if you search any­one up you will get all that in­for­ma­tion any­way,’’ Janczewski said.

‘‘The new laws in Europe [Gen­eral Data Pro­tec­tion Reg­u­la­tion] have greater pro­tec­tion of per­sonal in­for­ma­tion as com­pa­nies could face fines in the mil­lions for data breaches.

‘‘But there’s not much a job ap­pli­cant can do. If you are ap­ply­ing for a job on­line you are ex­pos­ing your­self to that risk, so it’s the web­site user’s re­spon­si­bil­ity.’’

Build­ing com­pany Downer has also dis­abled its re­cruit­ment data­base as a re­sult of the Pageup data breach.

Pub­lish­ing group Bauer Me­dia and in­sur­ance com­pany Zurich have also been con­tacted.

On Mon­day re­tail com­pany Kath­mandu and Aus­tralian air­line Jet­star emailed job ap­pli­cants to ad­vise their pri­vacy may have been breached.

Nei­ther com­pany had been ad­vised of any spe­cific breach of data pro­vided by Jet­star or Kath­mandu job can­di­dates, the emails said.

‘‘Whilst we are still wait­ing for a re­sponse from Pageup to con­firm, in re­la­tion to Kath­mandu job ap­pli­cants, the spe­cific data and spe­cific in­di­vid­u­als im­pacted, (amongst other in­for­ma­tion re­quests) we are con­tact­ing all in­di­vid­u­als who could have been af­fected through ap­ply­ing for a job at Kath­mandu,’’ Kath­mandu’s email said.

How­ever, both Kath­mandu and Jet­star urged job ap­pli­cants to change their pass­words and check there had been no un­usual ac­tiv­ity con­cern­ing their per­sonal in­for­ma­tion.

Kath­mandu used Pageup be­tween 2015 and May 2018.

Jet­star said Pageup ‘‘for­merly’’ pro­vided IT ser­vices used in its re­cruit­ment process and it now uses an­other e-re­cruit­ment web­site, Work­day.

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.