Australia HR software provider PageUp is facing a class lawsuit after a major data breach that exposed users’ personal information. Australian law firm Centennial Lawyers just announced. Fearing their personal data may have been exposed, some users who applied for jobs through PageUp are taking legal action against the company because they feel they haven’t received enough details about the breach, as only a simple, general email was sent out without much explanation.
“If any personal data has been affected it could include information such as name and contact details. It could also include identification and authentication data e.g. usernames and passwords which are encrypted (hashed and salted),” the company said in a statement.
PageUp reported “unusual activity” on May 23, CEO and co-founder Karen Cariss wrote on the company website, and a forensic investigation immediately followed after malware was identified. Thousands of job applicants may have been affected by the breach and could fall victim to identity fraud.
“There is no evidence that there is still an active threat, and the jobs website can continue to be used,” Cariss wrote. “All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”
Some of Australia’s top companies including Wesfarmers: Coles, Target, Kmart, Officeworks, NAB, Telstra, Commonwealth Bank, Lindt, Aldi, Linfox, Reserve, Bank of Australia, Australia Post, Medibank, ABC, Australian Red Cross, University of Tasmania, AGL and Jetstar used the software provided by PageUp in their online recruitment process.
PageUp claims to have some 2 million active users in 190 countries.