Confidential Information Possibly Compromised in Malware Attack

Confidential Information Possibly Compromised in Malware Attack

malware attackA malware infection has reportedly hit an outsourced Australian-based vendor in Singapore, possibly compromising confidential information of applicants for public-service jobs.
According to reports, those involved were users of the Careers@Gov online portal, where vacancies are listed and applicants invited for public-sector jobs. Those affected were informed recently of the malware breach by email from the portal’s vendor.
The malware has since been contained and the threat eradicated, said reports, adding that the vendor has not noticed any further signs of suspicious activity.
Australian human resources software provider, PageUp which is responsible for counting universities, banks and the Tasmanian government runs the portal.
Among others, it provides career and recruitment software for companies to create a website portal that lets them publish job openings, receive applicants’ resumes and shortlist applicants.
There are close to 297,000 account holders with Careers@Gov which include public officers and members of the public who have accessed the portal to apply for a job with the public service.

 

Obtaining information from PageUp

A Public Service Division spokesman responsible for operating the portal said they were in the midst of investigating the incident and were obtaining information from PageUp.
Upon detecting the malware infection, PageUp’s chief executive and co-founder Karen Cariss posted a statement on the company’s website stating that the company had detected unusual activity on its IT infrastructure on May 23.
The statement said the company had found some indicators of a possible compromise of client data and that the company was in the process of carrying out a forensic investigation and working with law enforcement and government authorities on the breach.
Among clients possibly affected by the breach include The Australian Post, University of Melbourne and the Australian National University.
Possible data which could have been compromised includes names and contact details of users, along with user names and encrypted passwords.
Following the breach, several clients, such as Australian bank Commonwealth Bank and telco Telstra pulled their recruitment websites offline.
As an immediate measure, users have been urged to change their Careers@Gov account passwords, as well as the passwords on other websites or accounts they have if those accounts share the same user name and password credentials.
READ ALSO:  A Cyberwar Is Coming, Are You Ready?

About the Author