SaaSy HR outfit PageUp reports ‘unauthorised activity’ and data breach

guest · Jun 5, 2018

SaaSy HR outfit PageUp reports ‘unauthorised activity’ and data breach
Giant supermarket chain used it and warns job-seekers from last 18 months to worry
June 6, 2018
https://www.theregister.co.uk/2018/06/06/pageup_people_data_breach/

SaaS HR platform PageUp has revealed “unusual activity on its IT infrastructure” and “revealed that we have some indicators that client data may have been compromised”.

There’s bad news and semi-ok news here: the bad is that the company isn’t sure what data was accessed, but thinks it was limited to “name and contact details” and “… could also include identification and authentication data e.g. usernames and passwords.”

The semi-ok news is that the passwords are hashed and salted.

[...] “We will also be informing the UK National Cyber Security Centre (NCSC),” the company’s statement says.
Which is all very responsible, but this gets worse because supermarket giant Coles has notified applicants that it “is among a number of large Australian organisations who may have been impacted by a data security incident at human resources technology provider PageUp.”
Click to expand...

guest · Jun 14, 2018

As PageUp remediates its security breach, a reminder that times have changed
Business, industry watching for fallout from first major breach of GDPR era
June 14, 2018
https://www.cso.com.au/article/642444/pageup-remediates-its-security-breach-reminder-times-changed/

The breach, which was detected on 23 May and confirmed on 28 May, spawned public warnings that thousands of Australians’ personal details might have been stolen by unauthorised external parties.

Cybersecurity consultants were quick to highlight both the risk of the breach and its importance as a reminder of the implications of a breach that, in PageUp’s case, spans a wealth of jurisdictions covered by legislation including the European Union’s general data protection regulation (GDPR).
“The significance of this breach cannot be [overstated],” warned Forcepoint APAC director of sales engineering William Tam in a statement. “Given this is the first major breach to happen after the launch of the GDPR, it will be the first example of how action will be taken by the EU.”

“The unfortunate reality is that data breaches do happen, so it’s paramount that organisations pay close attention to their disclosure processes and prioritise transparency with their customers. It’s how organisations handle the breach from beginning to end that will have a lasting impact on customer trust and public perception.”
Click to expand...

ronjor · Jun 19, 2018

PageUp: No Sign of Data Exfiltration

Jeremy Kirk (jeremy_kirk) • June 19, 2018
But Old Error Logs Contained Clear Text of Incorrect Passwords
Click to expand...

guest · Jul 3, 2018

Whitbread Sounds Breach Alarm After PageUp Incident
July 3, 2018
https://www.infosecurity-magazine.com/news/whitbread-breach-pageup-incident/

Whitbread is the latest big-name company to have been affected by a breach at a popular third-party recruitment platform provider, it has emerged.
The UK hotel and coffee shop operator has admitted that some current and prospective employees’ data may have been compromised, thanks to an incident last month at Australian supplier PageUp.

An email sent by Whitbread to those potentially affected claimed that data handed to the company during the recruitment process “may have been accessed and could potentially (in combination with other information) be used for identity theft,” according to the Irish Times.

Passwords were hashed using bcrypt and salted by the Aussie provider, but Whitebread is still advising individuals to change them if they shared the same credential across other sites.
The firm has also suspended its use of the third-party recruitment platform for now.
Click to expand...

guest · Nov 26, 2018

PageUp Breach: 'No Specific Evidence' of Data Exfiltration
But Forensic Investigation Shows Attackers Had Exfiltration Tools in Place
November 26, 2018
https://www.inforisktoday.com/pageup-breach-no-specific-evidence-data-exfiltration-a-11724

PageUp's breach update, posted on its website, closes the loop on what has proved to be a lengthy and challenging investigation into the incident, which the company discovered on May 23.

The company's conclusion, reached nearly six months after it learned it had been hacked, demonstrates how long it can take a company to thoroughly investigate a breach, as well as the backlash that companies may endure as investigators scramble to uncover facts.

"A detailed forensic investigation on the PageUp security incident in May this year has concluded that while an attacker was successful in installing tools that could exfiltrate data, no specific evidence was found that data was exfiltrated," the company says.
Click to expand...

Log in or Sign up

SaaSy HR outfit PageUp reports ‘unauthorised activity’ and data breach

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

Log in or Sign up

SaaSy HR outfit PageUp reports ‘unauthorised activity’ and data breach

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

Useful Searches