Privacy incident - PageUp People Limited
We are aware of an incident involving PageUp People Limited, a provider of human resources services for a number of Australian entities, which might include Queensland government agencies.
On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 their investigations revealed some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.
The Office of the Australian Information Commissioner (OAIC) is in contact with PageUp and the Australian Cyber Security Centre about the incident.
The Notifiable Data Breaches (NDB) scheme, which commenced on 22 February 2018, requires organisations to notify affected individuals and the OAIC where there is a likely risk of serious harm to any of the individuals whose personal information is involved in an eligible data breach. The NDB Scheme can apply to Queensland government agencies if they have a data breach involving loss of tax file numbers.
The OAIC has published a number of resources for those affected by a data breach and action they can take: https://www.oaic.gov.au/individuals/data-breach-guidance
We also have community resources about making a privacy complaint against a Queensland government agency and government resources about privacy breach management and notification.
If anyone has concerns about this incident they can, in the first instance, contact PageUp at firstname.lastname@example.org, and if not satisfied with their response they can contact the OAIC at www.oaic.gov.au or on 1300 363 992.
Alternatively, our Enquiries Service can be contacted for general advice on 07 3234 7373, 1800 642 753 or email@example.com