PageUp People, the embattled Melbourne-based recruitment software provider that last week revealed its systems had been breached, has turned to a pair of Australian cybersecurity consultancies for remediation.
The company, which develops a recruitment software service used by a range of major Australian businesses, including Coles, Telstra, Australia Post and Medibank, revealed last week it had been compromised after a malware infection the previous month.
PageUp admitted on Tuesday that its attackers had likely gained access to personal data relating to clients, placement agencies, applicants, references and our employees.
Melbourne-based security consultancy Hivint helped PageUp respond to the incident after attackers used "advanced methods" to gain unauthorised access to its IT systems in Australia, Singapore and the UK.
Hivint was co-founded by Craig Searle and Nick Ellsmore in 2015 to focus on what it calls "community-driven security". Its services include security strategy and governance, penetration testing, incident response, vulnerability management and compliance management.
It also runs a members-only resource system called Hivint Security Colony.
According to PageUp, Hivint has been "working around the clock to assist the PageUp team", and said the breach had now been "effectively contained".
PageUp has also enlisted Sydney-based forensic analysts Klein & Co to collect evidence, reconstruct the incident to fully understand the impact, and provide ongoing network security monitoring.
In addition to the experts mentioned above, the Australian Cyber Security Centre, Australian Federal Police and other organisations continue to work with PageUp to address the incident alongside its internal IT Security Team. Meanwhile, it’s back to business as usual for PageUp.
A third-party containment report is expected this week, which will be shared with the Australian Cyber Security Centre and Joint Cyber Security Centre members.
"Cybersecurity experts investigating have confirmed they have not identified any further threats on our systems. PageUp is safe to use," according to an advisory from the SaaS company.