Company unable to confirm whether its workers were affected by malware breach of job application program
Linfox is still seeking further information from human resources services firm PageUp after the company confirmed its systems were accessed by a third party.
PageUp runs a cloud-based talent management system used by companies including Linfox, Australia Post and Myer, among others, to help run their job application systems.
The HR company this week confirmed that the malware breach has compromised the data of job applicants using the system, as well as the people those applicants named as referees, along with employees and former employees of PageUp clients.
PageUp said among the files accessed were error logs from before 2007 – which it said may have contained incorrect failed passwords in clear text – rather than the encryption that covered actual password data.
“Because failed passwords can be similar to correct passwords, if employees have not changed their password information since 2007, it would be prudent to do this now and anywhere where they may have used the same password,” PageUp says.
A Linfox spokesman told ATN that Linfox was not in that situation, as it had started using PageUp after 2007.
Nonetheless, Linfox was still waiting to find out whether data relating to Linfox employees or job applicants had been affected by the breach, the spokesman says.
“Since that notification came out from PageUp and they let us know (about the breach), we have been taking steps to start communicating to the people whose data we have,” he says.
“I would never put a number on it, but essentially we are going to communicate with every person whose data we have so that would be everyone who has applied for a job since we started using PageUp.”
Linfox also appointed a cross-functional team of employees to help manage the situation internally, he said, adding that their work was ongoing.