Melbourne Water is one of a number of organisations who use PageUp to manage their recruitment activity.
Melbourne Water takes privacy and data security extremely seriously, and we have been made aware of a potential data breach involving the PageUp software system.
We are continuing to work with PageUp to understand whether the personal information of Melbourne Water staff or candidates may be affected by the potential data breach.
What data has potentially been impacted?
PageUp has provided an update regarding the type of data that may have been accessed as part of the breach and which data is unlikely to have been affected.
PageUp has advised that the following types of data have not been impacted:
- Financial information (including bank account numbers and credit card details)
- Australian Tax File Numbers
- Uploaded documents
PageUp has advised that the following types of data may have been impacted:
- Email addresses
- Street addresses
- Telephone numbers
- Some usernames and passwords (password data is protected using strong encryption)
What should you do if you have previously applied for a job with Melbourne Water?
We have emailed previous Melbourne Water candidates who may be affected by the potential data breach involving the PageUp system to notify them.
As a precaution, PageUp is recommending candidates change their PageUp password – click here to access the PageUp website.
If you use similar passwords across multiple systems, you may want to consider also refreshing these passwords (e.g. social media, banking).
What should you do if you’re concerned your data has been accessed
Any candidates who are concerned that their data may have been compromised should contact the Office of the Australian Information Commissioner (OAIC).
Anyone who notices any unusual online activity related to their personal information can contact the Australian Cybercrime Online Reporting Network (ACORN).
The OAIC website also contains advice about what do to in the event of your personal information being accessed by a third party.
For updates or more information regarding this issue please check the PageUp website.
What steps can candidates take to protect their data from being misused online?
PageUp is advising that if you are concerned your data may have been accessed by an unauthorised party, then you should perform the following steps:
- Change your passwords on other online services, if you re-use the same password
- Enable multi-factor authentication and other available security measures provided by your other online services
- Be aware of potential phishing emails and telephone calls from businesses or institutions requesting your personal details. Avoid opening attachments from unknown senders via email or social media
- Install anti-virus software and keep it updated
- Apply all recommended software patches from operating system and software providers
What has Melbourne Water done in response to the potential data breach
Melbourne Water has taken a number of steps in response to the potential data breach involving the PageUp system:
- Liaised directly with PageUp to understand how this incident is being investigated and what information is potential at risk
- Suspended use of the PageUp system for active recruitment
- Informed the Office of the Australian Information Commissioner (OAIC) and the Office of the Victorian Information Commissioner (OVIC) that data relating to Melbourne Water candidates may be impacted
- Worked with other Government agencies and Departments to share information about the management of this incident
- Sought further information from PageUp regarding the outcome of their investigation and understand what measures have been put in place to provide additional, improved security for their systems
Recommencing the use of PageUp for recruitment
PageUp has provided Melbourne Water with written assurance from cyber security experts Klein & Co that monitoring of the PageUp system “has not identified any further threats within the PageUp network or ongoing malicious activities”.
Klein & Co have been investigating this incident on behalf of PageUp.
PageUp have also implemented further security measures to help mitigate the risks of similar attacks in the future.
Following this assurance and the related security upgrades of the PageUp system, a number of organisations have recommenced using the PageUp system for recruitment.
Melbourne Water has considered the information provided by PageUp and made the decision to recommence using the PageUp system for our recruitment as of Thursday, 21 June.
We will continue to seek information from PageUp about which candidates may have had their personal information compromised and will provide an update to any Melbourne Water candidates who may be affected.