Incident Of The Week: Data Breach Touches Highest Levels Of Australian Govt.

HR Software Company PageUp Reels From Compromise



Dan Gunderman
06/22/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub's coverage extends outward, helping enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a data breach at HR software company PageUp. The impact of the breach, made public on June 15, goes as high up as the Australian Attorney General’s office, a PageUp client.

A.G. Applicants

The federal department confirmed that those who applied for a job within the A.G.’s office may have been affected by the breach. It is unknown how many applicants this impacts.

According to Australian news outlet SBS News, in a recent email distributed to applicants, the department said it was possible that some personal details were involved in the system breach. The email stated the sensitive information may have been obtained by an “unauthorized person” and “possibly disclosed to others.”

What’s more, PageUp told its customers that it noticed “unusual activity on its IT infrastructure” last month. Its next discovery was the apparent data compromise.

The company’s CEO, Karen Cariss, wrote in a statement that, “Forensic investigations have confirmed that an unauthorized person gained access to PageUp systems.”

She continued: “Although the incident has been contained and PageUp is safe to use, we sincerely regret some data may be at risk.”


Critical Data

What data may be caught up in the breach? It could include name, email address, physical address and phone number, plus employment status and company/title.

“We are confident that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts are not affected in this incident,” PageUp added.

Other entities involved in the subsequent investigation include the Australian Cyber Security Centre.

In an FAQ section on PageUp’s website, the company wrote, “For those employees who currently or previously had access to a client’s PageUp instance, current password data is protected using the robust password hashing algorithm, bcrypt, which includes salts, and therefore is considered to be very low risk to individuals.”

However, it added, “A small number of PageUp error logs from before 2007 may have contained incorrect failed passwords in clear text. Because failed passwords can be similar to correct passwords, if employees have not changed their password information since 2007, it would be prudent to do this now and anywhere where they may have used the same password.”
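The failure mode PageUp describes, failed-login passwords written to error logs in clear text, is usually closed off by scrubbing credential fields before a log record reaches any handler. The following is an added example, not PageUp's code: the logger name, the key list and the sample log events are all constructed for illustration.

```python
import io
import logging
import re

# Keys whose values must never reach a log file (assumed list; extend as needed).
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")

# Matches key=value, key: value and "key": "value" forms, quoted or unquoted.
_PATTERN = re.compile(
    r'(?i)(["\']?\b(?:%s)\b["\']?\s*[=:]\s*)("[^"]*"|\'[^\']*\'|[^\s,;&}]+)'
    % "|".join(SENSITIVE_KEYS)
)

def redact(text: str) -> str:
    """Replace the value of any sensitive key with a fixed marker."""
    return _PATTERN.sub(lambda m: m.group(1) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Scrub credentials from a record before the handler formats it."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so values passed as arguments are covered too.
        record.msg = redact(record.getMessage())
        record.args = None
        return True

def build_logger(stream) -> logging.Logger:
    logger = logging.getLogger("auth-demo")  # hypothetical logger name
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    logger.propagate = False
    return logger

def demo() -> str:
    buf = io.StringIO()
    log = build_logger(buf)
    # Constructed failed-login events: each mistyped password is a near miss
    # of the real one, which is why clear-text failures are worth protecting.
    log.error("login failed user=%s password=%s", "jsmith", "Summer2018")
    log.error('login failed: {"user": "jsmith", "password": "Sumer2018!"}')
    log.error("GET /login?user=jsmith&pwd=summer2018&next=/home -> 401")
    return buf.getvalue()

if __name__ == "__main__":
    print(demo(), end="")
```

Pattern-based redaction is a backstop; the primary control is not passing submitted credentials to the logger at all.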

Incident Response

A June 18 joint statement from the Office of the Australian Information Commissioner, the Australian Cyber Security Centre and IDCARE, a community identity and cyber support service, stated that “certain information pertaining to staff members, applicants and referees was accessed by an unauthorized third party.”

However, the statement distinguishes between access (comprising a systems breach) and exfiltration, meaning the theft of the accessible personally identifiable information (PII).

Dave Lacey, Managing Director, IDCARE, said in part: “While it is important to acknowledge that breached personal information impacts people in different ways, based on investigations undertaken to date by PageUp, at this point IDCARE assesses that the direct risk of identity theft is unlikely.”

Lacey stated that additional risks could be “more relevant,” such as the possibility of phishing emails and telephone scam calls.
