RBA software provider flags 'unauthorised' activity

PageUp, a software-as-a-service (SaaS) company specialising in human resources, announced in a statement it had uncovered “indicators that client data may have been compromised” and had commenced a forensic investigation with assistance from third-party security experts.

The company lists the Reserve Bank of Australia and Zurich among its clients.

“There is no evidence that there is still an active threat, and the jobs website can continue to be used,” PageUp said.

“All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”

In response to the “unauthorised activity”, the RBA has suspended the links to PageUp previously included on the banks’ online careers page.

“Please note that we are not currently aware that the unauthorised activity at PageUp People has resulted in any fraudulent use of any RBA applicant's personal data,” the RBA said in a notification on its careers page.

“The RBA recommends that any person who has applied online for a position with the RBA maintain a close watch on the use of their personal information to ensure that there has been no recent unusual activity.”

Responding to questions from ifa, Zurich said it did not use PageUp for recruitment purposes and as such “applicants and their data are not affected”.