News

PageUp admits personal data “probably” accessed

Australian software-as-a-service provider, PageUp on Tuesday finally admitted that customer data was “probably” accessed following a data breach last month.​

By Byron Connolly Jun 13th 2018

Australian software-as-a-service provider, PageUp on Tuesday finally admitted that customer data was “probably” accessed following a data breach last month.

On June 6, PageUp – which provides HR software to more than 2.6 million users in 190 countries – said it had detected unusual activity on its IT infrastructure on 23 May. Since then, Jetstar, the Tasmanian government, Telstra and other organisations have temporarily suspended their use of the PageUp platform. Australia Post also warned its staff that their personal information may have been compromised.

In a statement, PageUp CEO, Karen Cariss said: “While investigations continue, on the balance of probabilities, we believe personal data relating to our clients, placement agencies, applicants, references and our employees has been accessed.”

Cariss said the company is continuing to run forensic analysis but based on current information, it believes data may include names, street and email addresses, and telephone numbers.

“Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques including hashing and salting and therefore is considered to be of very low risk to individuals,” Cariss said.

“No employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected. No data contained in onboarding, performance, learning, compensation or succession modules was affected.”

Cariss added that the Australian Cyber Security Centre, Australian Federal Police and multiple independent expert cyber security firms continue to work with the company to address the incident.

“We take privacy very seriously and are doing everything in our power to make our systems and security processes – and most importantly the data we hold – more secure now and for the long term. We sincerely apologise to our clients, applicants and employees who may be affected by this incident,” said Cariss.

Late last week, Sydney law firm Centennial Lawyers said it was considering initiating a class action against PageUp.

Read more: Sydney law firm considers class action against PageUp

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_AustraliaFacebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Follow Byron Connolly on Twitter: @ByronConnolly