Hack attack

MITCHELL Shire Council is one of dozens of Australian organisations hit by a cyber security breach to PageUp People, recruitment software.

Mitchell was one of seven councils and one of many government organisations and large corporations affected including Australia Post, Telstra, Commonwealth Bank and Jetstar.

PageUp software powers recruitment at corporates including Lindt, Linfox, Reserve Bank of Australia, Zurich and Victoria University.

Mitchell Shire CEO David Turnbull told the North Central Review that he understood the incident has caused some concern among applicants, adding that council had contacted all job applicants who have used council’s web application page since the threat was detected on May 23.

“It is disappointing that any personal details have been affected. I hope the information provided to applicants provides some reassurance that we have taken this matter seriously and provided those people who have been affected with the best available advice about any precautionary steps they should be taking,” Mr Turnbull said.

PageUp has been working with independent IT and forensic security experts, their own internal security team, Australian Cyber Security Centre, Australian Federal Police and multiple independent expert cyber security firms to address the incident.

Council has also posted a warning on its website alerting people who may have applied for a job with council.

“Some of your personal data may have been accessed by unauthorised persons following a security incident at PageUp, a third party supplier that provides the software which we use for recruitment,” Council’s post warns.

On May 23 PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28 investigations revealed client data may have been compromised.

Detailed forensic investigations have since confirmed that an unauthorised person or persons gained access to PageUp systems.

It is believed that applicant information including contact details name, email address, physical address, and telephone number are among the information that could have been accessed.

Mr Turnbull said that council was ‘comfortable’ with the additional measures PageUp now has in place and is working towards resuming the online recruitment service next week.

“I would also like to take this opportunity to thank the staff who have been working very hard behind the scenes to keep people up to date and to keep processing applications through the shut-down,” Mr Turnbull said

“Based on the latest advice from independent security experts, council’s own internal security experts and discussions with other affected councils and government agencies, council is comfortable that PageUp has put very strong preventative measures in place,” he added.