Sydney law firm Centennial Lawyers on Friday said it was considering initiating a class action against Australian software-as-a-service provider PageUp, which earlier this week released details of a possible data breach that took place in May.
Since then, Jetstar, the Tasmanian Government, Telstra and other organisations have temporarily suspended their use of the PageUp platform. Australia Post has also warned its staff that their personal information may have been compromised.
Centennial Lawyers today has reached to 17 organisations following media reports that a “massive data breach” may have put personal and confidential information of job seekers and employees from these companies at risk.
PageUp said on its website: “There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”
George Newhouse, principal solicitor at Centennial Lawyers said employers owe a duty to keep highly personal information confidential not only of their workers but also those that are applying for work.
“This can often include financial information and even medical information required as part of an induction process. Companies, and those that provide services to them, must take adequate steps to protect their employees’ or potential employees’ information. This case highlights the damage that can be done if security is breached.”
He added that while there have been major successful class actions in the US and Canada against Yahoo and Ashley Maddison for mass data breaches, similar class actions are now starting to be issued in Australia.
“We are proud to be at the leading edge of this area of law to reaffirm the importance of protecting people’s data which contains personal, sensitive or confidential information,” he said.
Last year, the law firm filed a class action lawsuit against the NSW Ambulance Service in the Supreme Court of NSW. That plaintiff in that case alleges that a contractor was allowed to access personal medical and workers compensation information of over 100 ambulance staff. It was alleged that the contractor then sold the personal and medical details to at least one firm of solicitors and possibly more, the law firm said.
Follow Byron Connolly on Twitter: @ByronConnolly
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.