Australia-based human resources firm PageUp has confirmed it found "unusual" activity on its IT infrastructure last month, which has resulted in the potential compromise of client data.
On May 23, the SaaS provider said it immediately launched a forensic investigation after malware was spotted on its system. Five days later PageUp said its suspicions were confirmed, with investigations revealing "some indicators" that client data may have been compromised.
"If any personal data has been affected it could include information such as name and contact details. It could also include identification and authentication data e.g. usernames and passwords which are encrypted (hashed and salted)," the company said in a statement.
"There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted; however, out of an abundance of caution, we suggest users change their password."
The company said that signed employment contracts and resumes are stored on different infrastructure to that which was affected; it said there is no evidence that the document storage infrastructure has been compromised.
The statement, penned by CEO and co-founder Karen Cariss, said PageUp has been working with international law enforcement, government authorities, and independent security experts to "fully investigate" the matter.
As a result, the company said it is unable to provide further detail on what information has been affected.
"Since becoming aware of unauthorised access we have been urgently analysing the impact and consequences of this incident and have engaged independent digital forensic expertise, who have been attempting to identify what, if any personal data may have been accessed," the statement continues.
"That said, we can share that the source of