Human resources software-as-a-service provider PageUp, used by a number of financial institutions including the RBA and Zurich, has detected “unauthorised activity” on its system.
PageUp announced in a statement it had uncovered “indicators that client data may have been compromised” and had commenced a forensic investigation with assistance from third-party security experts.
“There is no evidence that there is still an active threat, and the jobs website can continue to be used,” PageUp said.
“All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”
The RBA, one of PageUp’s clients, responded to the announcement by suspending the links to PageUp previously included on the banks’ online careers page.
“Please note that we are not currently aware that the unauthorised activity at PageUp People has resulted in any fraudulent use of any RBA applicant's personal data,” the RBA said in a notification on its careers page.
“The RBA recommends that any person who has applied online for a position with the RBA maintain a close watch on the use of their personal information to ensure that there has been no recent unusual activity.”
Fellow PageUp client Zurich responded to questions from InvestorDaily to confirm it did not use the company for recruitment purposes, and as such “applicants and their data are not affected”.