HR software firm suffers massive data breach after malware attack

The Australia-based SaaS provider firm PageUp has confirmed discovering ‘unusual activity’ on its IT infrastructure and identified the presence of a malware on its system. On May 23rd, the HR company posted a statement on its official website revealing about a possible malware attack that might have resulted in compromising its customers’ data.

Upon discovering the attack, the company immediately launched a forensic investigation. Nearly five days later, PageUp affirmed that the company was indeed targeted with malware. Potentially massive client data has been compromised including personnel-related information of numerous high-profile organizations such as:

The Australian Broadcasting Corporation, Kmart, Reserve Bank of Australia, Australia Post, Target, Medibank, Coles, NAB, Aldi, AMP, Linfox, Sony, Telstra, Officeworks, Asahi, Newcrest, Lindt and the University of Tasmania.

According to Karen Cariss, the CEO, and co-founder of PageUp, third-parties have been collaborating with the company to carry out digital and forensic analysis of the data breach. These include government agencies, international law enforcement authorities, and independent security experts to comprehensively probe the incident.

That’s why the company cannot share detailed information about this data breach as yet. The only thing that is confirmed is that a malware infection was the key ‘source of infection,’ that has now been removed from the systems, says Cariss.

“We have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorized activity and are confident in this assessment,” Cariss added.

Signed employment contracts and resumes stored on various infrastructures are believed to have been affected but there is currently no evidence that document storage infrastructure is also affected.

The compromised data may include private and confidential information such as name and contact numbers as well as authentication data like usernames and encrypted passwords and personal identification details.

Currently, the company hasn’t suspected an active threat and PageUp website has resumed its normal operations. Although the passwords on PageUp, claims Cariss, are hashed using bcrypt and salted but as precautionary measure clients are suggested to change their passwords.

Telstra, Australian telecom firm, released the following statement in relation to the PageUp malware attack incident:

“In most cases, the personal information that could be potentially impacted is the applicant’s name, phone number, application history, and email address. For those whose applications were successful, the data in PageUp’s systems may include Date of birth, employment offer details, employee number (if a current or previous employee), pre-employment check outcomes, [and] referee details.”

PageUp has also notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, which it is required to according to its obligations for PageUp People’s own staff data, and has liaised with Australia’s Computer Emergency Response Team.

Image credit: Depositphotos

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.