Update to vendor security incident
Posted on June 14, 2018
3 min read
We want to provide an update to candidates who have used our online recruitment systems regarding a security incident with one of our vendors, PageUp, a company that provides us software services used as part of our employee recruitment processes.
We recently suspended the use of our recruitment system, PageUp, following a security incident with their system. We have now verified the advice from PageUp that the malware has been eradicated from their system and that they have taken measures to significantly strengthen their security. Having now satisfied our requirements, we have made the decision to reactivate use of their service.
A number of other companies have also taken this step. PageUp continues to investigate the malware attack on its services. This is likely to take a number of months and we will provide a further update once their final report is confirmed. If you have any questions, please email email@example.com.
Read more: Tips to help spot a scam email
PageUp has been investigating a security incident where there was unauthorised access to its system. PageUp has provided more information on the incident here.
What are we doing?
Telstra takes privacy and data security seriously. We’ve held discussions with PageUp to understand any possible impact to the security of the services they provide. They have advised us that their investigation is continuing. While this is occurring, we have suspended our use of PageUp’s services.
We are taking all necessary action to protect the security of the services provided by the vendor, including asking PageUp to reset all passwords. We are also engaging government bodies, privacy and information security experts across the industry to examine PageUp’s findings on receipt and to further understand how we can help anyone who may have been impacted.
What information may have been accessed?
PageUp has not yet been in a position to advise us if any of our data was affected. However, given the circumstances, we believe that there is a risk that this has occurred.
In most cases, the personal information that could be potentially impacted is the applicant’s name, street address, phone number, application history and email address.
For those whose applications were successful, the data in PageUp’s systems may include:
- Date of birth
- Employment offer details
- Employee number (if a current or previous employee)
- Pre-employment check outcomes
- Referee details
Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, ID documents and employment contracts are not affected in this incident.
Where should I go for more information?
Applicants with specific concerns should contact Telstra directly on the details below.
For general information about how you can protect your data privacy, visit the Australian Competition and Consumer Commission’s ScamWatch website.
What can I do?
As with any issue of this nature, we’re encouraging all candidates to make sure you always have strong passwords and they are stored securely. As a precaution only, we suggest you refresh all of your personal passwords and also monitor your accounts for any unusual transactions/activities.
We sincerely apologise for any concern this may cause. We will continue to provide updates as more information becomes available from PageUp and through our own investigations in relation to this matter.
If you have any questions, please contact Pageupenquiry@team.telstra.com.