Australian Software Provider Suffers Malware Hit
Australian software provider PageUp has revealed that its systems have been compromised following a malware attack.
The cloud-based HR software provider PageUp has revealed, in a statement released by Karen Cariss, the company’s CEO and Co-Founder, that there are indications that client data might have been compromised. The PageUp statement says- “On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.”
Australia Post (The Australian Postal Corporation), one among the large organizations that have been using PageUp, had released information on the potential data breach, saying, “Australia Post is managing an issue following advice from PageUp, a third party supplier that has helped us process external job applications since October 2016, that they’ve experienced a system breach. We are among a number of large organisations who have been using PageUp.”
As a result of this, major employers across Australia have reportedly had to suspend their career websites. The Australian Financial Review reports- “Human resources management software company PageUp, which services many of the ASX200, has been forced to alert clients that their data could have been compromised thanks to a data breach, forcing major employers across the country to suspend their careers websites.”
PageUp, which has prominent clients including Australia Post, AMP, Newcrest, Commonwealth Bank, ANZ, Asahi, Telstra etc, has clarified that there is no evidence of an active threat being there and hence there won’t be any issue in using any of the client job websites. The company has suggested that users could change their passwords for the sake of caution even though all the client users and candidate passwords that are there in its database are hashed using bcrypt and salted.
While PageUp has informed customers that personal details like name, contact details, usernames, passwords (which, however, have been encrypted) etc could have compromised, Australia Post has clarified that the impacted information might include names and email addresses. Australia Post has also said that in the case of successful applicants, the data saved in the PageUp systems might include bank details, tax file number and superannuation details, diversity information, emergency contact information, conditions of offer and employment, mobile number etc.
As per a report by iTnews several clients have temporarily suspended their work with PageUp; the report says- “Major Australian firms including Coles, Telstra, AusPost and Medibank have pulled their recruitment websites offline after the service provider supplying the technology for them said it may have been breached.”
Julia Sowells250 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.