iTnews

PageUp 'victimised' by disclosure laws: MacGibbon

By Justin Hendry on Jun 25, 2018 3:46PM
PageUp 'victimised' by disclosure laws: MacGibbon

Not enough time to properly assess security incident.

Australia’s national cyber security adviser has blamed a “conflict of laws” for forcing PageUp People to disclose last month’s malware infection before it could properly assess the damage caused.

Alastair MacGibbon told CEDA’s state of the nation conference in Canberra today that premature disclosure of the incident led to the Australian recruitment cloud service provider being “in a sense ... victimised”.

MacGibbon went beyond comments he made last week in support of PageUp - which also played down the the likelihood that data was exfiltrated when unauthorised entry to parts of its systems took place.

“PageUp had to notify the UK market because their requirements are very tight - within 72 hours of a suspicion,” McGibbon said.

“[Australia's] requirements aren’t as compulsive in the early stages [of an incident]."

He said that having to report in the UK - as it has the "most onerous" laws - was “detrimental to PageUp”.

"PageUp in a sense was victimised by having to report to the UK market on a matter, and then if they hadn’t reported in Australia at the same time then the allegation people would make is ‘you held back’, ‘you waited months’ because that’s how long you could do in Australia if you’re investigating activity before you came out," he said.

“Because of that they came out to the market earlier than logically they should have because if they had had more time they could have said there’s no evidence data has been exfiltrated.”

Customers suspended their use of PageUp, particularly to underpin online recruitment sites, immediately following the disclosure of the incident over fears a large amount of data was compromised.

PageUp People is yet to definitively say whether it was breached, but has indicated that “on the balance of probabilities” some data was accessed by an unknown attacker.

The Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner and IDCARE said last week that there is nothing to suggest that any “information may actually have been stolen”.

Today, MacGibbon doubled down on this position, which he characterised as “someone breaking into the house, but not necessarily leaving with what they broke in to steal”.

“I’m at pains to say there’s a difference between a person gaining access to data and a person exfiltrating data,” he said.

“I have no doubt that someone got into the PageUp systems, but I’m not convinced necessarily that any data was stolen.”

“The reaction of the market, however, was different and to me lacks maturity.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data incident malware pageup people security

Partner Content

Tackling cybersecurity in 2021
Partner Content Tackling cybersecurity in 2021
Resetting cyber security for the new threat landscape
Partner Content Resetting cyber security for the new threat landscape
Beat the DDoS blackmails in 2021
Promoted Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Promoted Content Why companies fail at picking cloud modernisation partners

Sponsored Whitepapers

The top 5 tech trends to deliver business outcomes
The top 5 tech trends to deliver business outcomes
10 reasons why businesses need to invest in cloud security training
10 reasons why businesses need to invest in cloud security training
Your guide to application security solutions
Your guide to application security solutions
State of Software Security: Open Source Edition
State of Software Security: Open Source Edition
Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • [iTnews and Micro Focus] Navigating the cloud modernisation minefield
By Justin Hendry
Jun 25 2018
3:46PM
0 Comments

Related Articles

  • 'No evidence' data stolen in compromise: PageUp
  • PageUp security incident shows no sign of exfiltration
  • Congress has new appetite for breach law following SolarWinds hack
  • 86 400 looks to strengthen customer sign-up process
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

TPG Telecom to start enticing NBN customers to move

TPG Telecom to start enticing NBN customers to move

Infosys scores another $40m for Centrelink payments engine build

Infosys scores another $40m for Centrelink payments engine build

Telstra InfraCo opens up telco's own fibre network

Telstra InfraCo opens up telco's own fibre network

Transport for NSW data stolen in Accellion breach

Transport for NSW data stolen in Accellion breach

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.