The Australian Attorney-General's Department (AGD) has confirmed that some of its staff may have had their information compromised at the hands of HR software provider PageUp, after the company earlier this week admitted some data held on its clients may be at risk[1].
As first reported by SBS News[2], AGD's recruitment team sent an email to job applicants informing them it was "possible that some of your personal details which were held in PageUp's systems may have been accessed by an unauthorised person and possibly disclosed to others".
"Our department has a contractual relationship with PageUp in respect of particular recruitment services," AGD wrote in a statement.
"We are aware of the data security breach and are in close contact with the Australian Cyber Security Centre and PageUp as they conduct a forensic analysis in relation to the breach."
PageUp confirmed some data may have been compromised, after revealing earlier this month it had fallen victim to a malware attack[3].
"Forensic investigations have confirmed that an unauthorised person gained access to PageUp systems," the company wrote. "Although the incident has been contained and PageUp is safe to use, we sincerely regret some data may be at risk."
The HR firm said that some personal data for employees who currently or previously had access to the client's PageUp instance may be affected.
The potentially accessed information includes employee contact details, such as name, email address, street address, and telephone number, as well as employment information, such as employment status, company, and job title.
In addition, failed login attempt data from 2007 and before contained a very small amount of password data in clear