Australian HR Company PageUp Affected by Malware Infection
- A malware infection in one of the biggest HR providers in the world has affected hundreds of companies.
- Security investigation in May revealed that client information was compromised by a malware infection and the breach has trickled down to companies across the world.
- Breach notifications have been sent out to clients by the company with temporary solutions being put in place to prevent further data theft.
PageUp, one of the largest HR companies in the world was affected by a large-scale data breach last month which may impact hundreds of clients. The Australian company’s security team identified a breach in the security systems on May 23 and initiated an investigation. The security team reported on May 28 after finishing the preliminary stages of the examination that client data has been compromised and can have far-reaching effects companies all over the world.
PageUp is a platform that is known to offer human resource services for clients ranging from large-scale businesses to government institutions. Staffing, Recruiting, Cloud Infrastructure and Job listings are just some of the services on offer, and they all require heaps of personal information being stored on the website’s servers. Some of the biggest clients include Telstra, Australia Post, Target, Kmart and the Tasmanian government. The breach not only affects the clients but also applicants for job listings all over the globe.
Image Courtesy of PageUp People
The company sent out notifications to all clients and requested all employees and job applicants to be notified of the breach. PageUp does not know yet what data has been stolen yet as customer data varies from client to client and further investigation is required to analyze the impact of the breach. Australia's Privacy Act Notifiable Data Breaches (NDB) scheme and EU’s GDPR policy required the HR company to go public with the breach notification today promising to publish more details on the incident as the investigations end.
To prevent a similar breach from happening, the HR company has removed the malware from the systems. Client passwords have been encrypted and salted, and users who have accounts on the website have been requested to change their passwords as a safety precaution.