PageUp, the talent management software company based in Australia, has confirmed malicious activity on its IT system in May had compromised the personal data of thousands of job applicants.
Companies affected by the breach included Telstra, Lindt, Aldi, and Commonwealth Bank, among other employers that had been posting on PageUp’s recruitment site.
Businesses hoping to publish job vacancies over the weekend were reportedly forced to take down their company pages.
PageUp, however, assured users the platform is now safe from any active threat.
After completing a probe of its IT infrastructure, PageUp reported there were indications that personal data, including names and contact information, had been breached. Other sensitive information such as login credentials was also hacked.
“All client user and candidate passwords in our database are hashed using bcrypt and salted,” PageUp said. “However, out of an abundance of caution, we suggest users change their password.”
A separate database for signed contracts and CVs appeared unaffected.
Malware had reportedly infected PageUp’s IT infrastructure, but the company has since cleaned up its system and beefed up security.
“Since becoming aware of unauthorized access we have been urgently analyzing the impact and consequences of this incident and have engaged independent digital forensic expertise, who have been attempting to identify what, if any personal data may have been accessed,” the company said.
The investigation has prompted PageUp to seek help from cybersecurity experts as well as local and international authorities on data protection and cyber crime, among them the UK National Cyber Security Centre and UK Information Commissioner's Office.
Are your retirement savings safe from hackers?