CYBER SCARE: Council caught up in mass data breach
ANY person who has applied for a job with Sunshine Coast Council, current and former employees, may have had their personal details accessed.
It comes as the council revealed it used recruitment program PageUp; a cloud-based software company which announced in May an unauthorised person gained access to its systems.
PageUp is used by companies for recruitment of staff. Youi, Telstra, Coles, Australia Post, Target, Medibank, Kmart, Commonwealth Bank, Jetstar and NAB are just a few of its major clients.
PageUp said personal data that may have been accessed and disclosed included names, street and email addresses and telephone numbers.
Other data possibly breached includes employment information; status, company and title.
In an email sent out by the council, anyone that has applied for a role at the organisation in the past four years could be affected.
The Daily has contacted the council for comment.
On June 19, the Australian Cyber Security Centre, Office of the Australian Information Commissioner and IDCARE released a joint statement saying the breach was being investigated.
"While recognising that investigations are ongoing and that the situation may therefore change, ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender," the statement read.
"In other words, no Australian information may actually have been stolen."
WHAT YOU SHOULD DO:
Immediately change passwords that may be the same as the one used during the recruitment process undertaken with impacted organisations.
Regularly change passwords and make them hard to guess.
Be wary of phishing emails by reviewing the sender of the email and be cautious of links and attachments - if in doubt, make your own enquiries with the organisation and individual concerned using other means.
Avoid telephone scammers - good organisations don't call you and then ask for your details - if in doubt, finish the call and do your own research by finding an alternative contact point and checking to see if the real organisation did call.