A large data breach involving a global job service website may have compromised sensitive information, officials said Wednesday.
PageUp, a Melbourne-based company that provides human resources data in nearly 200 countries, announced the breach Wednesday.
The company said it detected “unusual activity on its IT infrastructure” on May 28, and that it’s working with law enforcement to find out how it happened. The government’s Australian Cyber Security Center is involved in the investigation.
“There has been malicious code executed inside PageUp’s systems and criminals may have access to an amount of documentation, we just don’t know exactly what it is,” ACSC chief Alistair MacGibbon said. “Any breach is bad and our job in the government is to reduce the likelihood of these events happening, but unfortunately the reality is that criminal groups are always looking at new ways to steal credentials and wreak havoc on our society.”
PageUp said it suspects malware in the attack, but it’s unclear how many job seekers may have been affected.
The company reports about 2 million active users in 190 countries. The Australian Attorney General’s Department, a PageUp client, indicated that no sensitive data was compromised.
Australia Post, the country’s postal system, said information from its applicants like banking details, tax filing numbers, home addresses and driver’s license numbers may have been compromised. It said it would contact the applicants about the event.
“As a proactive step, we have also ceased use of PageUp’s systems while we seek assurances from PageUp about data security,” an Australia Post spokesperson said.
The Australian Red Cross, the mobile phone retailer Telestra, Kmart and Target are among the organizations that have temporarily stopped using PageUp’s services in Australia.
By Ed Adamczyk