Seven West and Bauer Media hit by PageUp People recruitment platform breach

Bauer and Seven West Media are among the victims of a security breach on an Australian recruitment platform that has seen job seekers’ personal details potentially compromised.

Melbourne-based HR service PageUp People has been debilitated after it detected ‘unauthorised activity’ on its network in late May. Since the announcement, large clients including Bauer, Seven West, Telstra and Coles have suspended their services with the company.

PageUp co-founder Karen Cariss: “Out of an abundance of caution, we suggest users change their password”

Last night, Bauer sent out messages to those whose data has been potentially compromised, warning they should change passwords and be wary of phishing attacks from fraudsters using the personal details taken from the system.

Among those receiving the message from Bauer were some industry figures who claimed they had never applied for a job with the company. Mumbrella understands their details were most probably entered into the system by recruitment agencies.

Seven West Media hasn’t sent out a warning to affected job seekers, however they have suspended use of the company’s platform with its job seeker page now saying online recruitment services are suspended until SWM is confident data is secure.

Karen Cariss, CEO and co-founder of the service said in a statement: “PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.

“We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter.

“There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.”

The company has an updated page on the security breach with advice for people concerned about their private information.

PageUp declined to answer Mumbrella’s questions about whether any other media companies have been affected or the number of potentially compromised individual accounts.

The text of Bauer’s warning message is below:

Important Notification about PageUp Security Incident

It has come to our attention that as a result of a recent security incident at PageUp, a vendor that provides certain hiring-related information services to Bauer Media, some of your personal details may have been accessed by an unauthorised person and possibly disclosed.

What has happened?

We have been advised that forensic investigations by PageUp have confirmed that an unauthorised person gained access to PageUp systems and personal data relating to clients, job applicants, references andPageUp employees. PageUp has provided more information on the incident here: PageUp Security Incident Update

How could I be impacted?

PageUp’s forensic experts have identified that compromised data may include names, street addresses, email addresses, and telephone numbers. Some employee usernames and passwords may have been accessed but are protected using encryption.

Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts are not affected in this incident.

Are PageUp systems safe to use?

PageUp has advised that the incident has been contained on PageUp systems, and that PageUp is safe to use. Further security measures have been implemented to guard against any similar incidents in the future.

For general information about how you can protect your data privacy, visit the Australian Competition and Consumer Commission website at; and for NZ the Commerce Commission in New Zealand

What should I do?

If you are concerned your data may have been accessed by an unauthorised party, we advise that as a minimum you perform the following good security practices:

  • Change your passwords on other online services, if you re-use the same password
  • Enable multi-factor authentication and other available security measures provided by your other online services
  • Be aware of potential phishing emails and telephone calls from businesses or institutions requesting your personal details. Avoid opening attachments from unknown senders via email or social media
  • Install anti-virus software and keep it updated
  • Apply all recommended software patches from operating system and software providers.

Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.