Cyber Incident Victim: PageUp
Date: May 2018
Location: Australia
Summary
A human resources software firm experienced a malware infection on its IT infrastructure, leading to potential unauthorized access to client data. The company detected unusual activity, initiated a forensic investigation, and confirmed indicators of possible compromise affecting personal information such as names, contact details, and hashed credentials. The malware was eradicated, with no evidence of ongoing threats or compromise to stored documents like resumes and employment contracts. A telecommunications client using the software noted that exposed data could include application histories, dates of birth, employment details, and referee information for successful applicants. The incident was reported to cybersecurity authorities and data protection regulators in multiple jurisdictions, including the UK and Australia.
Description
On May 23, 2018, Australia-based HR software provider PageUp detected unusual activity on its IT infrastructure, prompting an immediate forensic investigation. The company confirmed malware presence on its systems, and by May 28, identified indicators suggesting potential compromise of client data. Potentially affected information included candidate and user names, contact details, and authentication credentials such as usernames and passwords, which were hashed and salted using bcrypt. PageUp clarified that signed employment contracts and resumes resided on separate infrastructure showing no evidence of compromise. The company maintained there was no active threat remaining and assured users their job application portal remained operational, though it recommended password changes as a precaution. Investigations revealed the incident originated from a malware infection, which was subsequently eradicated with updated anti-malware signatures deployed to detect recurrence.

PageUp engaged independent digital forensic experts to assess the breach's scope while notifying multiple regulatory bodies including the UK Information Commissioner's Office, UK National Cyber Security Centre, Australian Cyber Security Centre, and Australia's Computer Emergency Response Team. Telecommunications firm Telstra, a PageUp client, disclosed that potentially exposed recruitment data included applicant names, phone numbers, email addresses, and application histories, with successful candidates' records possibly containing dates of birth, employment offers, employee numbers, pre-employment check outcomes, and referee details. PageUp could not definitively confirm whether specific client datasets were exfiltrated but maintained continuous monitoring showed no residual malicious activity. The company liaised with Australia's privacy regulator (OAIC) and emphasized its infrastructure remediation efforts while clients like Telstra prepared individual notifications pending confirmation of data impact. PageUp expressed confidence in its containment measures and the restored security of its systems following the malware eradication.
