Two significant organisations in Bendigo were involved in a data security breach from a third-party recruitment system, whereby personal details of job applicants may have been accessed and disclosed by unauthorised persons.
Bendigo Bank temporarily suspended its use of online recruitment services company PageUp after being informed its data had likely been compromised.
PageUp said personal data may have included names, street and email addresses and telephone numbers.
A spokesperson for Bendigo and Adelaide Bank said the bank was satisfied security risks have been resolved.
“The bank takes data privacy very seriously. We have collaborated with government bodies, privacy and information security experts across the industry to ensure the recruitment system is secure. We are taking all necessary action to protect personal information, including working with PageUp to reset all user passwords, and we have notified everyone who has applied for a role at Bendigo and Adelaide Bank of the current situation,” he said.
“The bank does not store any account, Tax File Number, superannuation, national police check results, gender, next of kin details or marital status information within PageUp.”
A spokesperson for La Trobe University said the institution had not been informed of any breaches specific to the university, but it had taken precautionary measures like resetting user passwords.
An email sent on behalf of the university to applicants, read: “Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts are not affected in this incident.”
Dave Lacy, managing director of IDCARE – Australia’s expert community identity and cyber support service – said the direct risk of identity theft due to the breach was unlikely, with phishing emails and telephone scam calls a more realistic outcome.
“Identity thieves typically require other forms of personal information to successfully manipulate this type of data, such as driver licence, passport, and account details,” he said.
More info: https://www.pageuppeople.com/unauthorised-activity-on-it-system/