What is the issue?
PageUp issued a statement advising its customers that on May 23, 2018 it had detected unusual activity on its IT infrastructure and immediately launched a forensic investigation.
PageUp has since confirmed that its systems sustained unauthorised access and it had notified the Australian Privacy Commissioner of the eligible data breach.
How could I be impacted?
If you have applied online for a role with ASC, it is possible that your personal data may have been accessed as a result of the breach. We are sorry for any inconvenience or concern this may have caused.
PageUp have confirmed that the following kinds of personal information could have been involved: name, gender, date of birth, street address, email address, telephone numbers, employment experience, education information, salary expectations and whether job applicants were local residents at the time of the application.
For references included in job applications, PageUp have confirmed that personal information involved may include contact information (including name, email address, physical address and telephone number) and employment information at the time the reference was provided (including company, title, and the length of the relationship with the job applicant).
PageUp has also advised that they believe that the following has NOT been impacted:
- Applicant resumes
- Applicant covering letters
Whilst ASC is aware of the breach, we are unable to confirm whether or not any of our job applicants’ data has been specifically affected. Nor are we aware of any fraudulent activity relating to anyone’s data occurring as a result of the security breach.
What has ASC done in response to the PageUp incident?
Once we were made aware of PageUp’s system breach, ASC immediately suspended the use of PageUp's systems to process job applications to minimise any possible harm.
ASC has now been assured by PageUp that the system is safe to use. That is, there are no further threats and further security measures have been implemented to help guard against a similar incident in the future. Based on these assurances, ASC has reactivated its PageUp account.
We will continue to seek information from PageUp about which (if any) candidates may have had their personal information compromised and will provide an update to those candidates who may be affected.
If I’m concerned about my data security, what should I do?
As the breach resulted in access to referee records, we recommend that you notify any referees who you submitted with your application that their personal information may have been accessed.
Who can I contact if I have further concerns?
If you are concerned that your data may have been compromised, you should contact the Office of the Australian Information Commissioner (OAIC). If you notice any unusual online activity related to your personal information can contact the Australian Cybercrime Online Reporting Network (ACORN).