Response to vendor security incident
Posted on June 6, 2018
3 min read
We are aware of a security incident with one of our vendors, PageUp, a company that provides us software services used as part of our employee recruitment processes.
We recently suspended the use of our recruitment system, PageUp, following a security incident with their system. We have now verified the advice from PageUp that the malware has been eradicated from their system and that they have taken measures to significantly strengthen their security. Having now satisfied our requirements, we have made the decision to reactivate use of their service.
A number of other companies have also taken this step. PageUp continues to investigate the malware attack on its services. This is likely to take a number of months and we will provide a further update once their final report is confirmed. If you have any questions, please email email@example.com.
Read more: Tips to help spot a scam email
We are among a number of organisations who use PageUp. PageUp has provided more information here.
We have held discussions with PageUp to understand any possible impact to the security of the services they provide. They have advised us that their investigation is continuing and while this is occurring we have suspended our use of their services. This includes all current recruitment activity that has not been progressed past a written offer being placed on hold.
In most cases, the personal information that could be potentially impacted is the applicant’s name, phone number, application history and email address. For those whose applications were successful, the data in PageUp’s systems may include:
- Date of birth
- Employment offer details
- Employee number (if a current or previous employee)
- Pre-employment check outcomes
- Referee details.
We are treating this matter seriously and are taking all necessary action to protect the security of the services provided by the vendor.
We have to this point:
- Met with PageUp to understand what steps they are taking and offer the support of our cyber security services;
- Suspended use of PageUp’s systems to process job applications;
- Put on hold all current recruitment activity that has not been progressed past a written offer;
- Notified the Office of the Australian Information Commissioner (OAIC);
- Engaged government bodies, privacy and information security experts across the industry to further understand how we can help people who may have been impacted.
PageUp has not yet been in a position to advise us if any of our data was affected. If we do find this has occurred, we will contact impacted individuals.
We recommend that anyone who has used our online recruitment system to check that there has been no unusual activity concerning their personal information. The Office of the Australian Information Commissioner (OAIC) provides guidance.
We’ll provide updates as new information becomes available.
In the meantime, if you have any questions, you can contact our Careers team at firstname.lastname@example.org.