Treasury was recently notified about a security incident with PageUp, a company that provides Treasury with software for recruitment processes.
As a result of this incident Treasury notified people who applied for, or registered their interest in a position with Treasury or one of Treasury’s portfolio agencies, bodies or boards in recent years. This notification informed them their personal details may have been accessed by an unauthorised person and possibly disclosed.
Treasury have been advised that forensic investigations by PageUp have confirmed that an unauthorised person gained access to PageUp systems and personal data relating to clients, job applicants and references.
What is Treasury doing?
Treasury apologises for any concern this may cause those affected. We take privacy and data security seriously. Forensic experts have identified that Treasury data may have been compromised, so we notified those who may have been affected that there is a risk this has occurred. We are continuing to speak to PageUp and will update our information if their advice changes.
What information may have been accessed?
PageUp cannot confirm exactly what information has been accessed. PageUp has informed us that the type of personal information that may have been accessed includes:
- Contact details including name, email address, physical address, and telephone numbers;
- Biographical details including gender, date of birth, nationality, and whether the applicant was a local resident at the time of the application;
- Employment details at the time of the application, including employment status, company and title; and
- Referee details.
PageUp has advised it is confident that other personal information including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts were not affected in this incident. Password data for applicants was protected using industry best practice techniques.
Are PageUp systems safe to use?
Advice from the Australian Cyber Security Centre, PageUp and third party cyber security experts engaged to investigate the incident is that the incident has been contained on PageUp systems and that PageUp is safe to use. Further security measures have been implemented by PageUp to guard against any similar incidents in the future.
Are Treasury systems safe to use?
The incident was contained to PageUp and no Treasury systems were affected in this incident.
What should I do?
To increase the security of your personal information we encourage you to follow good security practices including:
- Changing your passwords on PageUp and other sites;
- Installing anti-virus software on your devices and keep it updated;
- Avoid opening attachments from unknown senders via email or social media; and
- Not disclosing personal information to unsolicited requests from individuals or organisations.
Where should I go for more information?
More information can be found on PageUp’s website or by contacting PageUp:
- AUS Toll Free - 1300 893 787
- AUS Landline - +61 3 9068 7721
If you have specific concerns about your Treasury application please contact us by email at PageUp‑firstname.lastname@example.org
For general information about how you can you protect your data privacy, visit the Australian Competition and Consumer Commission website at www.scamwatch.gov.au