so far I’ve received 25 emails from 25 companies plus another 3 duplicates as I’ve applied to some companies a few times.
Few Companies haven’t been in touch.
Now when I call and ask for direct email address they all tell me that they are in the clear… they are NOT… co’s that are willing to hand out email address, reject me within days.
Page Up are under investigation but telling companies that they are in the clear… and no one thinks twice…
Is late better than never? If so, then we should congratulate AirServices Australia for finally coming to the party and acknowledging that they have used PageUp in the past.
Again, lots of weasel-words. Their email states (with personal information removed):
Airservices Australia takes your privacy very seriously. We regret to inform you about a recent cyber security incident with one of our vendors, PageUp. This company provides us with software services used as part of our online recruitment processes.
I am writing to you as you have previously applied for employment with our organisation through PageUp.
What happened?
PageUp identified unauthorised activity on its infrastructure by a third party using advanced cyberattack methods. They promptly took steps to contain the incident and engaged law enforcement and cybersecurity experts to investigate. While PageUp’s investigations continue, on the balance of probabilities, some personal data is believed to have been accessed without authorisation. At this stage there is no evidence of exfiltration, only access.
PageUp has retained one of Australia’s leading cybersecurity firms to evaluate its systems and work with them to implement additional security measures to ensure that there are no further incidents. External advisors have confirmed that the malware, which previously affected the system, has now been contained and that there is no evidence of an active threat. PageUp continues to work with international law enforcement and relevant government authorities.
Further information on the incident and their investigation is available here - PageUp Security Incident Update.
What information may have been accessed?
At this stage, PageUp has not advised us of any specific breach of Airservices candidates’ personal data. However, given the circumstances, we are taking the precautionary step to notify all candidates who may potentially have been impacted.
The type of information that you may have provided include: name, address, phone number, email address, qualifications and work history.
Depending on the role and whether your application was successful, the data in PageUp’s systems may also include:
- (if supplied) biographical details including gender, date of birth, maiden name (if applicable) and nationality
details of nominated referees, including name, contact details and length of relationship with the applicant.
Importantly, PageUp has advised us that the current results of its forensic investigations are that mainly non-sensitive data has been affected. There is no evidence that the most sensitive data categories (including your uploaded curriculum vitae, identification documents and employment contract) have been affected in this incident.
For employees and candidates who currently or previously had access to Airservices’ PageUp portal, current password data is protected using the robust password hashing algorithm, bcrypt, which includes salts, and therefore is considered to be of very low risk to individuals. However, failed login attempt data from 2007 and before contained a very small amount of password data in clear text. If you have not changed your password information since 2007, it would be prudent to do this now and anywhere you may have used the same password.
PageUp has no evidence that the password encryption has been compromised.
What we are doing?
We have held, and continue to have, discussions with PageUp and relevant government security agencies to understand if any information from our candidates has been accessed as a result of this incident.
We have instructed PageUp to reset passwords for all users.
As previously mentioned, PageUp continues to investigate the incident. If we obtain any further detail relating to risks to your own personal data, we will let you know.
PageUp has advised there is no evidence of active threat and the security integrity of the system is no longer compromised. Accordingly we will continue to use the system.
This security breach was notified to and managed by the Australian Cyber Security Centre, who have advised that the PageUp system is safe to use and that further security measures have enhanced the system’s ability to safe guard against similar incidents in the future. It is also important to note that this incident was contained to the PageUp system and does not affect other Airservices systems.
What can you do?
In the interests of limiting potential risk to your personal information, we recommend you:
- change your password on other online services, if you re-use the same password
Where can I go for further information?
We appreciate that you may have additional questions. If you have specific concerns please contact our Recruitment team on avrecruit@airservicesaustralia.com. (Note that as PageUp is still investigating the scope and details of the incident, we are not currently in a position to provide further substantive advice to you regarding the possible implications of the data breach.)
Further general advice can be obtained from PageUp on 1300 893 787 (toll free), 03 9068 7721 or web page.
I appreciate that the advice from PageUp regarding the security incident will be of concern to you, and I regret any distress or inconvenience caused as a result of the cyber-attack on their systems. We will provide updates as more information becomes available from PageUp.
Yours sincerely,
I have not included the links (other than the generic email address) this email contained, as they are each ‘personalised’ and trackable (e.g. the tail end of one reads in part …/vpz1UdznT0a9q-gM8jlFiA/h1/R50w9PbpXutrqS6EUWh92js-2BxjWR4g4g9vmpIc3rQkwIzzyw29okuNVnOdi6Aiaf-2BB-2BlhbyZTiI-2F2xmLC4snwDBwCh4gkLwi6jPa6NinD-2BblGDEAf44AuRyuFuL…).
So - it appears that the breach was first publicised on 6 June. AirServices Australia took six weeks to realise they were affected and decide to tell people. I hope they’re quicker when discovering problems with planes.
Wow - good thing people don’t have to trust Air Services Australia with anything important (cough) … 
Still getting emails … another one arrived today telling me that I prolly heard and there is mention of Original date it was discovered.
yet page up are telling people that all is in the clear.
Well in terms of your information, and many of us, I’d say they are correct - our information is all out there in the clear !! 
They are still notifying people as I’m still receiving notifications.
Personally I’d rather steer clear of them 
