A provider of HR software said that a malware infection might have exposed user data including personal and account information.
According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently launched an investigation on 23 May. Five days later, the HR software provider with 2 million active users spread across 190 countries learned through its investigation that the suspicious activity might have involved the exposure of client data. This information might have included personal details including names and addresses along with account data such as usernames and passwords that were hashed and salted.
Karen Cariss, CEO and co-founder of the company, explained in the statement that PageUp is working with third-party forensic specialists, law enforcement and government bodies including the United Kingdom Information Commissioner’s Office (ICO) and the Australian Cyber Security Centre (ACSC) to figure out exactly what happened. She said this ongoing investigation prevents her from discussing certain known facts about the incident. But she did divulge once crucial bit of information:
… [W]e can share that the source of the incident was a malware infection. The malware has been eradicated from our systems and we have confirmed that our anti-malware signatures can now detect the malware. We see no further signs of malicious or unauthorised activity and are confident in this assessment.
Cariss went on to reveal that the threat is no longer active, which means clients can continue to use the jobs website. But the Australian Red Cross, Telstra, Wesfarmers and Coles revealed to ABC News that they had decided to temporarily suspend their use of PageUp’s systems until they learn more about the incident.
Pending the release of this information, Cariss recommended that users change their passwords. They can do so by following this expert advice.
The incident at PageUp illustrates how companies need to take steps to protect themselves against malware. For instance, they should consider using file integrity monitoring (FIM) as a supplement to anti-malware solutions. Learn how Tripwire can help here.