Cyber Threat Actor: PageUp
| Actor Type | Location | Known Incidents |
Hacker
|
Australia
|
2 incidents |
|---|
Profile
PageUp is a threat actor known to operate from Australia, linked to a significant data breach impacting third-party recruitment systems. The actor's activities were observed in a 2018 incident involving Whitbread, a multinational hospitality company, where PageUp managed the online recruitment platform for brands including Premier Inn and Costa Coffee's UK operations. The breach exposed applicant and employee data submitted to these brands, compromising contact details, biographical information, and employment history. This data was assessed as carrying identity theft risks if combined with other sources, though no confirmed fraudulent activity was reported post-incident. Whitbread suspended PageUp's services upon discovery and implemented measures to prevent further data uploads, advising affected individuals to change reused passwords as a precaution.
The actor's targeting centered on recruitment infrastructure, exploiting third-party service providers to access sensitive applicant data across the hospitality sector. The breach impacted Whitbread's operations primarily in the UK, with minimal effect on its limited presence in Ireland beyond a single Premier Inn location. Whitbread publicly acknowledged the incident, apologizing while emphasizing its partner vetting processes and data security commitments. PageUp's involvement highlights risks associated with third-party supply chain vulnerabilities in recruitment systems, though no technical specifics of the breach methodology (e.g., malware or initial access vectors) were disclosed in public reporting. The incident remains a singular, publicly documented operation attributed to this actor.
