PageUp IT breach story ropes in big transport firms
Linfox and Australia Post have been swept up in a malware breach at human resources services firm PageUp, after the talent management system was compromised
LINFOX AND AUSTRALIA POST have been swept up in a malware breach at human resources services firm PageUp, after the talent management system was compromised at the cloud-based software purveyor.
PageUp counts Linfox and Australia Post amongst its clients and features Linfox and subsidiary Armaguard testimonials on its website.
Australia Post told ATN that it is “urgently” seeking clarity from PageUp to determine if any personal information had been compromised by the job application system breach.
It told applicants that information such as bank details, tax file numbers and superannuation details may have been at risk, the Australian Financial
Review reports. “We are in the process of contacting job applicants to notify them of this incident and to advise them of steps to prevent any potential misuse of information. As a proactive step, we have also ceased use of PageUp’s systems while we seek assurances from PageUp about data security,” a spokesperson told ATN.
“Australia Post has also notified the Office of the Australian Information Commissioner (OAIC) of the matter.”
In a statement, Linfox says it had not been able to confirm whether data from its job applicants had been compromised, adding that it was seeking further information about the breach.
“Once we know the extent of the issue we will email all applicants whose applications have been submitted through PageUp to let them know how this issue may affect them,” it says.
In the meantime, it had also deactivated its PageUp system, removed access to its systems from the website and brought together a cross-functional team to manage the issue.
PageUp says there was no evidence there was still an active threat to its system and that the jobs website could continue to be used.
“On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation,” it says.
“On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.
“We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter,” the company says.