By Cam Lucadou-Wells
Casey Council job applicants are unlikely to suffer “direct identity theft” as a result of a recent widespread data breach, according to a cyber-safety expert group.
This month, numerous groups including City of Casey and Federation University were notified of the possible data breach involving their online recruitment provider PageUp People.
In a statement on 19 June, the federal agency Australian Cyber Security Centre declared that “no Australian information may actually have been stolen” – though investigations were still ongoing.
“The ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender.”
In the joint statement, IDCARE, which has since assisted PageUp clients, stated that there were “more relevant” risks as a result of the breach.
These included possible phishing emails, scam calls, or specific risks due to contact information, address and workplace details being known to third parties.
“At this point, direct risk of identity theft is unlikely”, IDCARE managing director Dave Lacey said.
“Identity thieves typically require other forms of personal information to successfully manipulate this type of data, such as driver licence, passport, and account details, in order to obtain credit in a person’s name or related acts of impersonation.”
Federation University, which has a campus in Berwick, has disabled its PageUp- provided online recruitment system.
“The University has taken the precautionary measure … until we receive further information from PageUp about the nature and extent of any potential impact,” a spokesman said on 14 June.
Casey Council had also taken down its PageUp online recruitment system.
It has advised its job applicants that their personal data may have been “compromised”.
PageUp says it is confident that the “most critical” data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts were not affected.
Job applicants’ names, street addresses, email addresses and phone numbers as well as employment history and referee details may be at risk, PageUp stated.