iTnews
  • Home
  • News
  • Technology
  • Security

PageUp People hit by malware infection

By Ry Crozier on Jun 6, 2018 11:57AM
PageUp People hit by malware infection

Aussie recruitment SaaS provider says data may be compromised.

Melbourne-based PageUp People, a recruitment cloud service provider, has revealed some of its systems were compromised after a malware infection late last month.

The infection led to an unknown third party gaining access to some internal systems.

Further, the company said it had “some indicators that client data may have been compromised” but would not know more until a forensic investigation was completed.

The company's software powers recruitment at corporates including Lindt, Linfox, Reserve Bank of Australia, Zurich and Victoria University, according to its website.

“The source of the incident was a malware infection,” PageUp People said in an advisory.

“The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware.

“We see no further signs of malicious or unauthorised activity and are confident in this assessment.”

The company said it was tipped off to the malware’s presence after detecting “unusual activity on its IT infrastructure” on May 23.

It said that “if any personal data has been affected it could include information such as name and contact details”, as well as usernames and passwords

However, it said that “all client user and candidate passwords in our database are hashed using bcrypt and salted”.

Even so, “out of an abundance of caution, we suggest users change their password,” it said.

The company said that documents “including signed employment contracts and resumes” that it collected were “stored on different infrastructure” to that which had been infected and accessed.

“We have no evidence that the document storage infrastructure has been compromised,” it said.

The company said it had notified both UK and Australian information commissioners of the incident, as well as Australian infosec authorities.

“We have notified the Australian Cyber Security Centre (ACSC) and engaged with Australia’s Computer Emergency Response Team (CERT), who may notify the Australian Federal Police,” it said.

“We will also be informing the UK National Cyber Security Centre (NCSC).”

Update, 7.21pm: Major brands including Telstra, AusPost, Medibank and Coles have pulled their careers sites offline. Read the latest here.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cloudinfectionmalwarepageup peoplesecurity

Partner Content

Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Digital signatures propel Australian Unity with rapid time to value
Digital signatures propel Australian Unity with rapid time to value
The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Ry Crozier
Jun 6 2018
11:57AM
0 Comments

Related Articles

  • Google adds phishing protection to Workspace apps
  • Google Cloud joins AWS, Azure in gov data sovereignty scheme
  • DTA cloud certification backlog forces last-minute hosting exemption
  • Collins Foods puts IT focus on security controls, cloud services
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia sets changeover date for myGov

Services Australia sets changeover date for myGov
NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul
Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
NBN Co proposes to axe CVC across all plans by mid-2026

NBN Co proposes to axe CVC across all plans by mid-2026

Digital Nation

Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.