Security rush after recruitment hack
Health insurer Nib has suspended use of third-party e-recruitment platform PageUp following news that job applicants’ data was hacked.
Nib New Zealand chief executive Rob Hennin said the company, which had been using PageUp since 2016, was made aware two weeks ago of a data security incident.
He said customer information had not been affected by the hack.
PageUp, which has 2.6 million users in 190 countries, confirmed its client data was accessed by ‘‘unauthorised persons’’ in a May 23 malware attack.
Sydney-based PageUp said on its website that job applicants’, employees’ and former employees’ names, email and physical addresses, phone numbers, biographical details such as date of birth, gender, country of residence, and employment details might have been compromised.
But no employment contracts, applicant resumes, tax file numbers, credit card information or bank account information were affected.
PageUp said the hack had been eradicated and cyber-security professionals were reviewing its systems to improve security.
Associate Professor Lech Janczewski, an information security expert at the University of Auckland, said there wasn’t much applicants using online recruitment platforms could do.
But in this particular breach, people could take comfort in knowing most of the information hacked was already publicly available, he said.
‘‘For the most part it is a big storm in a teacup, because if you search anyone up you will get all that information anyway,’’ Janczewski said.
‘‘The new laws in Europe [General Data Protection Regulation] have greater protection of personal information as companies could face fines in the millions for data breaches.
‘‘But there’s not much a job applicant can do. If you are applying for a job online you are exposing yourself to that risk, so it’s the website user’s responsibility.’’
Building company Downer has also disabled its recruitment database as a result of the PageUp data breach.
Publishing group Bauer Media and insurance company Zurich have also been contacted.
On Monday retail company Kathmandu and Australian airline Jetstar emailed job applicants to advise their privacy may have been breached.
Neither company had been advised of any specific breach of data provided by Jetstar or Kathmandu job candidates, the emails said.
‘‘Whilst we are still waiting for a response from PageUp to confirm, in relation to Kathmandu job applicants, the specific data and specific individuals impacted, (amongst other information requests) we are contacting all individuals who could have been affected through applying for a job at Kathmandu,’’ Kathmandu’s email said.
However, both Kathmandu and Jetstar urged job applicants to change their passwords and check there had been no unusual activity concerning their personal information.
Kathmandu used PageUp between 2015 and May 2018.
Jetstar said PageUp ‘‘formerly’’ provided IT services used in its recruitment process and it now uses another e-recruitment website, Workday.