While the forensic investigation by PageUp is ongoing, PageUp has stated publicly that it believes personal data relating to its clients, placement agencies, applicants, references and its employees has been accessed by an unauthorised third party.
Australian organisations which have been affected are now monitoring the forensic investigation by PageUp closely and, in many cases, have taken pre-emptive steps by notifying the Australian Information Commissioner and/or potentially affected individuals about the incident.
At this stage, there is uncertainty as to whether any personal information has actually been exfiltrated or stolen by the intruder(s).
Whether there are significant first or third party losses to Australian businesses as a result of the incident will likely turn on this issue.
We are currently assisting organisations to deal with the practical considerations of the impact of this incident, including:
- whether and if so when to re-connect to PageUp;
- whether, and if so how, to notify relevant privacy regulators and individuals affected by the incident;
- how to respond to inbound queries from affected individuals;
- whether affected organisations can push their losses onto PageUp; and
- broader security / privacy reviews.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.