Human resources software firm PageUp could find itself up against a class action lawsuit, after it revealed earlier this week it had fallen victim to a malware attack[1] that potentially compromised client information.
Centennial Lawyers, which last year filed a class action lawsuit[2] against the New South Wales Ambulance Service in the Supreme Court of NSW after it compromised sensitive personal and health information of NSW Ambulance workers, has said it is considering a class action against PageUp.
According to the Sydney-based law firm, companies that may have suffered at the hands of the malware attack include Wesfarmers-owned Coles, Target, Kmart, and Officeworks; the National Australia Bank (NAB); Telstra; the Reserve Bank of Australia; Australia Post; Medibank; the ABC; the Australian Red Cross; and the University of Tasmania.
See also: Australian Information Commissioner commends Red Cross for data breach response[3]
"Employers owe a duty to keep highly personal information confidential, not only of their workers but also those that are applying for work. This can often include financial information and even medical information required as part of an induction process," principal solicitor of Centennial Lawyers A/Prof. George Newhouse said.
"Companies, and those that provide services to them, must take adequate steps to protect their employees' or potential employees' information. This case highlights the damage that can be done if security is breached."
Citing class action cases overseas due to the mishandling of information by affairs-based dating service Ashley Madison[4] and search engine Yahoo, Newhouse said similar cases are only now starting to be issued in Australia and that action against PageUp would reaffirm the importance of protecting people's data that contains personal, sensitive, or confidential information.
PageUp confirmed earlier this