Although investigations are ongoing, PageUp believes that certain information pertaining to staff members, applicants and referees was accessed by an unauthorised third party. Further information about the types of information affected can be found at PageUp’s website. PageUp has advised that no employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected.

While recognising that investigations are ongoing and that the situation may therefore change, the ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender. In other words, no Australian information may actually have been stolen.

IDCARE is Australia’s expert community identity and cyber support service and has been working with impacted organisations and members of the community in relation to this incident.

Dave Lacey, Managing Director, IDCARE says:

‘Whilst it is important to acknowledge that breached personal information impacts people in different ways, based on investigations undertaken to date by PageUp. At this point IDCARE assesses that the direct risk of identity theft is unlikely. Identity thieves typically require other forms of personal information to successfully manipulate this type of data, such as driver licence, passport, and account details, in order to obtain credit in a person’s name or or undertake other related acts of impersonation. IDCARE assesses that there are other risks that are likely to be more relevant to impacted individuals, including the possibility of phishing emails, telephone scam calls, and specific risks to individuals concerned about their contact information, physical address, and employment details (and applications) becoming known to third parties.’

PageUp has provided public updates, and has held multiple corporate customer information sessions facilitated through the ACSC to help keep affected organisations informed.

Alastair MacGibbon, Head of the Australian Cyber Security Centre and National Cyber Security Adviser says:

‘PageUp has committed to advising impacted organisations and individuals if there are any new findings to arise as they complete their investigations. PageUp has demonstrated a commendable level of transparency in how they’ve communicated about, and responded to, this incident: they came forward quickly and engaged openly with affected organisations.’

Consistent with previous advice, the OAIC, ACSC and IDCARE jointly recommend that individuals who believe their information may be held by one or more of the organisations impacted should consider the following measures:

  • Immediately change passwords that may be the same as the one used during the recruitment process undertaken with impacted organisations.
  • Regularly change passwords and make them hard to guess.
  • Be wary of phishing emails by reviewing the sender of the email and be cautious of links and attachments – if in doubt, make your own enquiries with the organisation and individual concerned using other means.
  • Avoid telephone scammers – good organisations don’t call you and then ask for your details – if in doubt, finish the call and do your own research by finding an alternative contact point and checking to see if the real organisation did call.

For further information on how to protect your identity and respond to identity concerns please visit the OAIC’s data breach guidance for individuals and IDCARE’s Learning Centre.

For general easy-to-use information for the public and small to medium businesses, visit the Australian Cyber Security Centre’s Stay Smart Online website.

To report a cyber security incident visit the Australian Cyber Security Centre’s website.

To notify the Office of the Australian Information Commissioner of an eligible data breach involving personal information, organisations should use the the OAIC's Notifiable Data Breach form.

Alastair MacGibbon Head of the Australian Cyber Security Centre and National Cyber Security Adviser

Angelene Falk Acting Australian Information Commissioner and acting Australian Privacy Commissioner

Dave Lacey Managing Director, IDCARE

BACK TO LATEST NEWS

Success Stories!

Other News

IDCARE is always active in the media from radio to TV, social media and news articles. Keep up to date with what's happening at IDCARE and in the media.

You can now report a phishing scam to IDCARE

Information sharing is an important way to help keep IDCARE informed.

more info
IDCARE

iappANZ Annual Summit – Melbourne 2018

Australian Information and Privacy Commissioner discusses latest quarterly report on the Notifiable Data Breaches scheme.

more info
IDCARE

Cathay Pacific Data Breach

Today Cathay Pacific publicly notified the probable compromise of personal and account related information of some 9.4m customers.

more info
Data Breaches

Success Stories!

CONTACT IDCARE

IDCARE is here to provide you with specialist support and guidance when faced with a cyber and  identity related issue. Contact one of our Identity & Cyber Security Counsellors to learn more about our Support Services and how we can help you.   

AUSTRALIA

1300 432 273
Mon - Fri : 8am - 5pm AEST

NEW ZEALAND

0800 201 415
Mon - Fri: 10am - 7pm NZST