Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

HR Software company PageUp victim of a Data Breach, experts fear a domino effect

HR Software Firm PageUp is the last victim of a data breach, the company has 2.6 million active users across over 190 countries. Another day another data breach makes the headlines, this time the victim is the HR Software Firm PageUp. PageUp is an Australian company with 2.6 million active users across over 190 countries. The company […]

PageUp

HR Software Firm PageUp is the last victim of a data breach, the company has 2.6 million active users across over 190 countries.

Another day another data breach makes the headlines, this time the victim is the HR Software Firm PageUp. PageUp is an Australian company with 2.6 million active users across over 190 countries.

The company notified the incident to its customers, informing them that it has launched a forensic investigation with the support from an independent 3rd party firm.

The company has notified the breach to law enforcement and data regulators in Australia and the United Kingdom.

According to the firm, on May 28 attackers accessed to internal records may continuing customer data, including names, contact information, usernames, and password hashes. Other sensitive data, including signed employment contracts and resumes, are not affected because they are stored on servers that were not affected by the security breach.

On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.” reads the data breach notification published by the company.

“There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password,” 

At the time, the firm did not disclose technical details about the security breach, it only confirmed that its systems were infected by a malware.

“we can share that the source of the incident was a malware infection.  The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.” continues the notification.

Just after the news of the breach, some of the company that uses the PageUp service have shut down their online recruitment pages and notified job applicants

According to the Australia Post, data potentially impacted by the incident may include:

  • Bank details
  • Tax File Number and superannuation details
  • Diversity information
  • Emergency contact information
  • Conditions of offer and employment
  • Address
  • Mobile phone number
  • Questions relevant to the job such as if you have Work Rights or an Australian citizenship
  • Education and work experience
  • License number

PageUp

After the incident, the Australian telecoms giant Telstra suspended its online recruitment and notified the issue to the applicants.

“The online recruitment system we use is currently unavailable.
We are aware of a security incident with one of our vendors, PageUp, a company that provides us software services used as part of our employee recruitment processes.” states the security advisory published by Telstra,

“We are among a number of organisations who use PageUp. PageUp has provided more information here. We have held discussions with PageUp to understand any possible impact to the security of the services they provide”

Unfortunately, many other organization may have been impacted by the incident.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – PageUp, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]