Job portal’s BP breach affects 60k
BP says a hack of its online recruitment portal has compromised the data of more job applicants than initially suspected.
The fuel company has emailed about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. BP originally thought about 10,000 applicants’ data had been breached.
The company’s online recruitment provider, PageUp, an Australian company with 2.6 million users in 190 countries, first detected the breach on May 23.
BP spokeswoman Anna Radich said the company was initially told only those who had applied for jobs at retail establishments in the past 18 months could have had their name, email and home address, birthday, gender, country of residence, employment details and phone number accessed by an ‘‘unauthorised third party’’.
Radich said BP sent out an email at that time warning about 9500 people who had applied for jobs in BP stores that their data was compromised.
But an email sent out on Wednesday to another 50,000 affected BP applicants, which was obtained by Stuff, came after recent revelations from PageUp’s forensic investigations found that anyone who had applied for jobs at BP retail establishments since 2008 could have had their data compromised.
PageUp’s website said the personal details of references listed on job applications were also affected.
The company said it was ‘‘confident’’ that resumes, financial information, tax file numbers, employee performance reports and employment contracts were not affected by the incident.
In subsequent forensic investigations it was discovered that personal data of employees, or former employees of any company that used the online portal as well as job applicants who had used the portal, may have been affected.
PageUp found names, email addresses, physical addresses, employment details and phone numbers could have been accessed in the cyber security breach.
The company’s statement on the ‘‘data incident’’ advised that anyone who had used the job portal prior to 2007 could have also had their password compromised.
BP advised past job applicants that ‘‘at this stage there is no evidence the data was extracted, only accessed’’.
It has recommenced the use of the job portal since independent cybersecurity experts have confirmed it is safe to use.
Office of the Privacy Commissioner spokesman Sam Williams said it was not yet known whose information was accessed and whether the data was extracted or used. Sixty companies that contribute almost half of New Zealand’s greenhouse gas emissions are pledging to help the country reach its net zero emissions target by 2050.
The businesses’ chief executives have formed the Climate Leaders Coalition following talks with the Sustainable Business Council. The group includes leaders of Z Energy, Westpac, Nga¯ i Tahu Holdings, Vector, Air New Zealand, Spark and New Zealand Post.
By signing the CEO Climate Change Statement, each of the business leaders has committed to measuring and reporting their greenhouse gas emissions and working with suppliers to reduce emissions, with the aim of helping to keep global warming within 2 degrees Celsius, as specified in the Paris Agreement.
The businesses will individually set targets to reduce their emissions and will report on progress annually. Most businesses involved in the coalition are already reporting their targets to reduce emissions.
Z Energy chief executive Mike Bennetts, leading the collective commitment, said it would be up to consumers, media and the general public to hold each business involved in the coalition accountable for every emission reduction report they put out.
‘‘When it comes to emissions, customers want to know what the businesses they are shopping at are doing. It will come down to