We are aware of a security incident with PageUp, a third party vendor that provided us with software services used as part of our recruitment process; between March 2015–May 2018.
PageUp has notified organisations including Kathmandu that they have confirmed their IT infrastructure was accessed by an unauthorised person. Certain data sets in PageUp’s IT infrastructure has been affected by a malware attack that occurred between 15 May and 23 May 2018.
PageUp has provided more information here.
Additionally PageUp have set up a dedicated support page for potentially affected individuals.
Whilst we are still waiting for a response from PageUp to confirm what specific Kathmandu applicant data or specific Kathmandu applicants have been impacted (if any), we have notified all applicants who could have been affected. We are also undertaking the additional step of removing all applicant data from PageUp.
Kathmandu is treating this matter very seriously and is taking all necessary action to protect the security of our people data. We have ceased connectivity and processes between Kathmandu's systems and PageUp's systems and disabled all candidate upload access points to PageUp.
PageUp have advised that forensic experts have identified that compromised data may be the following:
Kathmandu did not request the inclusion of references in applicant's information submission.
If the application progressed and was submitted for a reference check, then the referee's contact information (including name, email address, and telephone number) and the referees employment information at the time the reference was provided (including company, title, and the length of the relationship with the applicant) could be affected.
PageUp have advised that they are confident that the most critical data categories including proof of identification, resumes, financial information, tax file numbers and employment contracts are not affected in this incident.
We recommend that anyone who has used our online recruitment system to check that there has been no unusual activity concerning their personal information. The Office of the Australian Information Commissioner (OAIC) provides guidance.
PageUp have also provided the following resources to support potentially affected individuals:
PageUp call centre phone numbers:
AUS Toll Free — 1300893787
AUS Landline — +61390687721
UK Toll Free — 08004049256
We sincerely regret this incident and apologise for any inconvenience caused.
If you have any queries please email firstname.lastname@example.org.
Individuals can also contact PageUp at email@example.com or via the PageUp call centre numbers listed above.
Ngā mihi nui
Kathmandu People Team