Australian HR firm PageUp hit with malware, client data possibly compromised

Australia-based human resources firm PageUp confirmed that it detected “unusual activity on its IT infrastructure” in May, which may have led to the firm’s data being potentially compromised.

The firm stated it detected the suspicious activity on May 23 and immediately launched a forensic investigation, which resulted in investigators discovering indicators of client data having been potentially compromised. PageUp said that there is currently no evidence to suggest that the threat is still active and that users can continue to use the jobs website.

“We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter,” Karen Cariss, PageUp CEO and co-founder, said in a statement. “All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”

The company confirmed the incident was a “malware infection”, but stated it has since been removed from PageUp’s systems. The firm added that it is “confident” no other signs of malicious or suspicious activity have been detected.

PageUp said the potentially compromised data could include users’ name, contact details, usernames and passwords. However, the company said there is no evidence that any signed documents, including resumes and employment contracts had been compromised. PageUp said this data is stored on a different infrastructure that was not impacted in the breach.

PageUp reportedly has over 2 million active users across 190 countries. Several of its clients, such as Australian telecommunications provider Telstra, Australia Post and one of Wesfarmers' retail business Coles, reportedly acknowledged that there is no evidence of any data having been compromised.

“We are treating this matter seriously and are taking all necessary action to protect the security of the services provided by the vendor," Telstra said in a statement. “PageUp has not yet been in a position to advise us if any of our data was affected. If we do find this has occurred, we will contact impacted individuals.”

Meanwhile, Coles stated that it has currently "suspended all connections between Coles' systems and PageUp's systems", ABC News reported. A spokesperson for Wesfarmers said that the company is currently unaware of "any inappropriate activity relating to anyone's data".

"However, we recommend that any person who has applied online for a position with these businesses in recent years check to ensure that there has been no recent unusual activity concerning personal information they may have supplied during the employment process, for example bank accounts, and maintain a close watch on the use of their personal information,” Wesfarmers said, ABC News reported.

PageUp has refrained from revealing any further details about the incident, stating that the investigation into the matter is still ongoing.

PageUp said that it has notified the UK Information Commissioner’s Office (ICO) and will also be alerting the UK National Cyber Security Centre (NCSC). The firm has also notified the Australian Cyber Security Centre (ACSC) and Australia’s Computer Emergency Response Team (CERT), who in turn, may notify the Australian Federal Police.

“We have engaged multiple, industry leading security consultants and subject matter experts who have been assisting with mitigating this incident and conducting our ongoing investigation,” PageUp stated. “ We have also taken immediate action to further harden our infrastructure through the implementation of additional technical controls and will work to establish additional training where required.”