Recruitment platform PageUp has informed its millions of job-seeker users of a privacy breach, after a malware infection potentially allowed an unauthorised party to access personal job application data.
The company, which was founded in Melbourne in 1997, now operates in 190 countries with more than 2.6 million active users.
On Wednesday, PageUp posted a statement on its website confirming that on May 23, unusual activity occurred in the company’s systems. It was discovered that data may have been compromised by an external attack.
PageUp was founded by Karen and Simon Cariss more than 20 years ago, starting off as a software development company. The business evolved into a recruitment platform after they were flooded with applications for developer positions and asked their team to come up with a program for organising them.
PageUp clients include the likes of Coles, Kmart, National Australia Bank, Telstra, Australia Post, Aldi and Lindt, with the ABC also confirming the Attorney-General’s department uses the platform for recruitment processes. A number of these large companies have suspended their use of PageUp systems while discussions continue with the company.
The breach could have resulted in unauthorised access to thousands of usernames and passwords, as well as job applicant names and contact details. The company has asked job candidates to change their passwords as a safety mechanism.
PageUp also stores signed employment contracts and documents in the cloud, but has assured users these are stored in a different system and have not been compromised.
The business, in line with its obligations around data security, has notified the Australian Cyber Security Centre of the breach and the UK Information Commissioner’s Office.
“We have engaged multiple, industry leading security consultants and subject matter experts who have been assisting with mitigating this incident and conducting our ongoing investigation. We have also taken immediate action to further harden our infrastructure through the implementation of additional technical controls and will work to establish additional training where required,” said chief executive Karen Cariss in a statement.