Another Incident of a Malware Attack Potentially Compromising Private Information
A malware attack has reportedly hit an outsourced Australian-based vendor in Singapore. Consequently, it may have compromised confidential information of applicants for public-service jobs.
According to reports, the main victims were users of the Careers@Gov online portal, where vacancies are listed and applicants invited for public-sector jobs. Those affected had received information regarding the malware breach by email from the portal’s vendor.
Reports say that the authorities have combatted the malware attack and eradicated threats. Meanwhile, the vendor has not noticed any further signs of suspicious activity.
Australian human resources software provider, PageUp which is responsible for counting universities, banks and the Tasmanian government.
Among others, it provides career and recruitment software for companies. Specifically, it is a website portal that lets them publish job openings, receive applicants’ resumes and shortlist applicants.
Furthermore, there are close to 297,000 account holders with Careers@Gov. These include public officers and members of the public who have accessed the portal to apply for a job with the public service.
Obtaining Information From PageUp
A Public Service Division spokesman responsible for operating the portal said they were in the midst of investigating the incident and were obtaining information from PageUp.
Upon detecting the malware infection, PageUp’s chief executive and co-founder Karen Cariss posted a statement on the company’s website. She stated that the company had detected unusual activity on its IT infrastructure on May 23.
The statement said the company had found some indicators of a possible compromise of client data. Moreover, the company was in the process of carrying out a forensic investigation. They are also working with law enforcement and government authorities to prevent a data breach.
Further, clients possibly affected by the breach include The Australian Post, University of Melbourne and the Australian National University.
The breach might have compromised data including names and contact details of users, along with user names and encrypted passwords.
Following the malware attack, several clients, such as the Australian bank Commonwealth Bank and telco Telstra pulled their recruitment websites offline.
As an immediate measure, the authorities have urged to change their Careers@Gov account passwords. Also, they have changed the passwords on other websites or accounts they have if those accounts share the same user name and password credentials.