Careers – PageUp update
Update as at 20 September 2018
On 6 June 2018, nib was made aware of a data security incident with one of our human resources technology providers, PageUp, which impacted a large number of Australian and New Zealand companies.
In the interests of protecting our employee and candidate privacy, we suspended our use of the PageUp system, including our careers website until we could fully understand the nature and extent of the security incident and possible data breach. We also had PageUp re-set all passwords to nib Group job candidate accounts.
Following an extensive independent security review of PageUp’s systems, as well as confirmation from PageUp that its system is safe to use, we have made the decision to reinstate our careers website using the PageUp system from Tuesday, 25 September 2018.
As part of this review, nib engaged an independent cybersecurity firm to assess the security of all of PageUp’s systems which were implicated in the security incident and ensure that all risks were remediated.
This evidence-based engagement consisted of the review of multiple penetration (stress) tests applied to all PageUp systems to ensure the remediation activities completed by PageUp post the incident had resolved any identified issues.
In addition, the firm reviewed all processes and attestations held by PageUp, up to and including the ISO27001 certification standards under which PageUp operates.
PageUp has also confirmed it has significantly increased its security measures and the original threat has been contained and eradicated. You can read PageUp’s response here.
The Office of the Australian Information Commissioner (OAIC), The Australian Cyber Security Centre (ACSC) and IDCARE has also issued a joint statement on the PageUp incident.
We take the privacy of our employees and job candidates very seriously and have not made this decision lightly.
A number of other impacted companies have also taken this step over the last few months and have resumed their use of the PageUp system.
While PageUp has confirmed that some personal information of its clients was accessed by an unauthorised person and possibly disclosed as part of the incident, nib has not received any confirmation from PageUp that our employees’ or candidates’ data has been specifically affected. We are also not aware of any fraudulent activity occurring as a result of the security breach.
Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, New Zealand IRD information and employment contracts were not affected in this incident.
We recommend employees and candidates continue to monitor for any unusual activity concerning their personal information and maintain a close watch on the use of their personal information.
Candidates are encouraged to contact us on [email protected] if they have any questions about the reinstatement of the PageUp system or to discuss alternatives for applying for roles within the nib Group.