Earlier this month, it was revealed that human-resources service provider PageUp had experienced a data breach that could potentially put at risk many of its clients across the globe, including companies such as Coles, Australia Post and Telstra. And now, the Australian Attorney-General’s Office has confirmed that its staff are also among the potentially affected users.
As initially reported at the beginning of June, the Australia-based software maker found malware on company systems which were used to store private data, such as Tax File Numbers, bank details and other personally-identifying details.
It's since been revealed that the malware was indeed used to access this data and, while the company assures its users and clients that the systems are currently secure enough to continue using, it “sincerely regrets that some data may be at risk”.
Who copped it?
PageUp is responsible for HR software that helps manage the recruitment process for many major companies, alongside organising and running payroll duties. As such, the software has access to a raft of sensitive information for both existing employees and prospective job seekers.
The HR provider's client list is extensive and apparently covers companies across 190 countries, although it appears that Australian organisations are predominantly the ones at risk due to the breach. Along with the aforementioned Attorney-General’s Department, other employers include the likes of Telstra, Australia Post, Medibank, Wesfarmers and more.
While the investigation is still ongoing, the latest statement – which was made in partnership with the Australian Cyber Security Centre (ACSC) – claims that “no Australian information may actually have been stolen” as there is only evidence of it being accessed, rather than exfiltrated.
New cybersecurity laws in action
It was only recently that Australia instated laws that force companies to report data breaches in a timely fashion and to the appropriate authorities, and in PageUp's case, the company has responded diligently.
The head of the ACSC, Alastair MacGibbon, praised the company's response, saying that “PageUp has demonstrated a commendable level of transparency in how they’ve communicated about, and responded to, this incident: they came forward quickly and engaged openly with affected organisations.”
As was the case with the previous report, users are advised to change any passwords in use on PageUp-supplied services, as well as those on any unrelated accounts that may be using the same password.