Australian software-as-a-service provider, PageUp on Tuesday finally admitted that customer data was “probably” accessed following a breach last month.
On June 6, PageUp – which provides HR software to more than 2.6 million users in 190 countries – said it had detected unusual activity on its IT infrastructure on 23 May. Since then, Jetstar, the Tasmanian government, Telstra and other organisations have temporarily suspended their use of the PageUp platform. Australia Post also warned its staff that their personal information may have been compromised.
In a statement, PageUp CEO, Karen Cariss said: “While investigations continue, on the balance of probabilities, we believe personal data relating to our clients, placement agencies, applicants, references and our employees has been accessed.”
Cariss said the company is continuing to run forensic analysis but based on current information, it believes data may include names, street and email addresses, and telephone numbers.
“Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques including hashing and salting and therefore is considered to be of very low risk to individuals,” Cariss said.
“No employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected. No data contained in onboarding, performance, learning, compensation or succession modules was affected.”
Cariss added that the Australian Cyber Security Centre, Australian Federal Police and multiple independent expert cyber security firms continue to work with the company to address the incident.
“We take privacy very seriously and are doing everything in our power to make our systems and security processes – and most importantly the data we hold – more secure now and for the long term. We sincerely apologise to our clients, applicants and employees who may be affected by this incident,” said Cariss.
Late last week, Sydney law firm Centennial Lawyers said it was considering initiating a class action against PageUp.
Follow Byron Connolly on Twitter: @ByronConnolly
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.