Information on the PageUp security breach
It has come to our attention that as a result of a recent cyber security incident at PageUp, some personal information of users of the PageUp system may have been accessed by an unauthorised person and possibly disclosed without authorisation. PageUp is a vendor that provides recruitment related services to a large number of companies, including Newcrest.
Newcrest is committed to ensuring all information it collects or holds is handled respectfully and in accordance with relevant privacy laws. We are providing you with this notice so that you can assess the consequences of this incident and take action to protect your information.
As a precaution and security measure Newcrest has also disabled the use of PageUp for recruitment at this stage.
What has happened?
PageUp has confirmed that an unauthorised person gained access to PageUp systems and personal information relating to client companies, job applicants, referees and PageUp employees. At this stage, the precise cause of the security incident has not been made known to Newcrest, however, we understand that the Australian Cyber Security Centre, the Australian Federal Police and independent cyber security firms are involved in addressing the incident.
How could I be impacted?
Whilst PageUp has been unable to confirm if your particular information or any data related to Newcrest has been accessed, PageUp has advised that information that may have been accessed includes names, street addresses, email addresses, and telephone numbers. There is also a possibility that certain biographical details (including gender, nationality and whether the applicant was a local resident at the time of application), employment information and reference information may have also been accessed. Whilst there is evidence to suggest that usernames and passwords were targeted, the passwords are encryption protected.
Importantly, PageUp has advised that it is confident that critical data categories including financial information, Australian tax file numbers, employee performance reports and employment contracts have not been affected by this incident.
What can l do
If you are concerned that your data may have been compromised we suggest the following:
For general information about how you can you protect your data privacy, visit the Australian Competition and Consumer Commission website at www.scamwatch.gov.au.
For further steps you can take, we also recommend that you visit the Office of the Australian Information Commissioner's website at https://www.oaic.gov.au/individuals/data-breach-guidance
Where should I go for more information in relation to this security incident?
Further information about the security incident has been published by PageUp at https://www.pageuppeople.com/unauthorised-activity-on-it-system/. You can also contact PageUp at firstname.lastname@example.org.