Australian banks shut down career pages after data breach at supplier

Australian banks shut down career pages after data breach at supplier

NAB and Commonwealth Bank of Australia have pulled their careers pages after reports of a malware infection and data breach at external technology supplier, PageUp People.

The two banks - alongside the country's Central Bank - are among a number of large Australian organisations who have suspended their use of the PageUp People recruitment portal.

PageUp says it detected unusual activity on its IT infrastructure last month, and upon conducting a forensic investigation found "some indicators that client data may have been compromised".

In a statement, the firm says: "All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password."

However, PageUp's reassurance that the jobs website can continue to be used has been disregarded by a large number of its enterprise clients.

NAB’s chief privacy officer, Jade Haar, says “We take the security of personal information extremely seriously. We have an active investigation to ascertain what data, if any, has been affected.

“We are working closely with PageUp and the relevant authorities to take appropriate action, as quickly as possible.”

For CBA the incident is the latest in a series of unfortunate security scares at the bank, which earlier this month said staff had routinely sent e-mails containing the personal account data of 10,000 customers to a domain name not owned by the Australian bank. The previous month, the bank finally came clean on a potential data breach involving 19.8 million customer accounts in 2016, after initially failing to notify customers.

In a statement, the bank says: "Protecting data is one of our most important responsibilities, so we have taken a cautious approach and are suspending our use of PageUp’s systems."

Comments: (0)