Wednesday 13 June, 2018
Third update: PageUp incident
Over the past week we have been communicating with you regarding the security incident at PageUp, a vendor that provides hiring-related information services, which gave rise to concern that some of your personal details may have been accessed by an unauthorised person and possibly disclosed.
What has happened?
We have been advised that forensic investigations by PageUp have confirmed that an unauthorised person gained access to PageUp systems and personal data relating to clients, job applicants, references and PageUp employees.
How could I be impacted?
PageUp’s forensic experts have identified that compromised data may include names, street addresses, email addresses, and telephone numbers. Some employee usernames and passwords may have been accessed but are protected using encryption.
Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts are not affected in this incident.
Are PageUp systems safe to use?
PageUp has advised that the incident has been contained on PageUp systems, and that PageUp is safe to use. Further security measures have been implemented to guard against any similar incidents in the future. As we have now received confirmation of this status from the independent assessor, Programmed will shortly recommence using PageUp to process recruitment advertising, job applications and offers.
Are Programmed’s other systems safe to use?
The incident was contained at PageUp, and no other Programmed systems were affected in this incident.
Where should I go for more information?
For general information about this incident visit the PageUp website https://www.pageuppeople.com/unauthorised-activity-on-it-system/.
If you have specific concerns you should contact Programmed by email on email firstname.lastname@example.org with the subject heading “PageUp” and we will respond to you within 24 hours.
For general information about how you can you protect your data privacy, visit the Australian Competition and Consumer Commission website at www.scamwatch.gov.au.
What should I do to protect my personal information?
If you are concerned your data may have been accessed by an unauthorised party, we advise you perform the following good security practices:
- Change your passwords on other online services, if you re-use the same password
- Enable multi-factor authentication and other available security measures provided by your other online services
- Be aware of potential phishing emails and telephone calls from businesses or institutions requesting your personal details. Avoid opening attachments from unknown senders via email or social media
- Install anti-virus software and keep it updated
- Apply all recommended software patches from operating system and software providers to any technology you use.