EXECUTIVE SUMMARY:

Australian firm PageUp, one of the largest providers of human resources (HR) software-based services, is investigating a data breach stemming from a malware infection.

According to PageUp’s website, it has 2.6 million active customer employee users in more than 190 countries. On May 23, the company noticed unusual activity on its network and began investigating. Five days later, it found that client data might have been compromised.

Catalin Cimpanu from Bleeping Computer explains that PageUp gives customers custom IT solutions that are embedded on their career sites and intranets to publish job openings, receive resumes, and select candidates. “Data submitted by job applicants is stored on PageUp’s cloud infrastructure, and HR staffers at each company can access it via customized dashboards,” Cimpanu says.

Given the nature of PageUp’s work — human resources — the data in question is sensitive and personal. It counts among its clients major corporations, along with some government entities. While some organizations rely on PageUp software for recruitment only, others use it for human resources functions that can include salary information, bank details, tax numbers and other sensitive personal data, according to ABC. In response, some PageUp customers are suspending connections to the HR systems and encouraging job applicants to check that their personal information is not being misused.

Once again, the lesson prevails that you’re only as secure as the vendors and partners with whom you do business.

PageUp has reported that the malware has been extracted and the company is continuing to investigate the incident with law enforcement and a cybersecurity firm.

Get the full story at Bleeping Computer.