Skip to content

Careers – PageUp update

Update as at 20 September 2018

On 6 June 2018, nib was made aware of a data security incident with one of our human resources technology providers, PageUp, which impacted a large number of Australian and New Zealand companies.

In the interests of protecting our employee and candidate privacy, we suspended our use of the PageUp system, including our careers website until we could fully understand the nature and extent of the security incident and possible data breach. We also had PageUp re-set all passwords to nib Group job candidate accounts.

Following an extensive independent security review of PageUp’s systems, as well as confirmation from PageUp that its system is safe to use, we have made the decision to reinstate our careers website using the PageUp system from Tuesday, 25 September 2018.

As part of this review, nib engaged an independent cybersecurity firm to assess the security of all of PageUp’s systems which were implicated in the security incident and ensure that all risks were remediated.

This evidence-based engagement consisted of the review of multiple penetration (stress) tests applied to all PageUp systems to ensure the remediation activities completed by PageUp post the incident had resolved any identified issues.

In addition, the firm reviewed all processes and attestations held by PageUp, up to and including the ISO27001 certification standards under which PageUp operates.

PageUp has also confirmed it has significantly increased its security measures and the original threat has been contained and eradicated. You can read PageUp’s response here.

The Office of the Australian Information Commissioner (OAIC), The Australian Cyber Security Centre (ACSC) and IDCARE has also issued a joint statement on the PageUp incident.

We take the privacy of our employees and job candidates very seriously and have not made this decision lightly.

A number of other impacted companies have also taken this step over the last few months and have resumed their use of the PageUp system.

While PageUp has confirmed that some personal information of its clients was accessed by an unauthorised person and possibly disclosed as part of the incident, nib has not received any confirmation from PageUp that our employees’ or candidates’ data has been specifically affected. We are also not aware of any fraudulent activity occurring as a result of the security breach.

Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, New Zealand IRD information and employment contracts were not affected in this incident.

We recommend employees and candidates continue to monitor for any unusual activity concerning their personal information and maintain a close watch on the use of their personal information.

Candidates are encouraged to contact us on [email protected] if they have any questions about the reinstatement of the PageUp system or to discuss alternatives for applying for roles within the nib Group.

FAQs

On 6 June 2018, nib was made aware of a data security incident with one of our human resources technology providers, PageUp, which impacted a large number of Australian and New Zealand companies.

In the interests of protecting our employee and candidate privacy, we suspended our use of the PageUp system, including our careers website until we could fully understand the nature and extent of the security incident and possible data breach. We also had PageUp re-set all passwords to nib Group job candidate accounts.

While PageUp has confirmed that some personal information of its clients was accessed by an unauthorised person and possibly disclosed as part of the incident, nib has not received any confirmation from PageUp that our employees’ or candidates’ data has been specifically affected. We are also not aware of any fraudulent activity occurring as a result of the security breach.

Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, New Zealand IRD information and employment contracts were not affected in this incident.

Following an extensive independent security review of PageUp’s systems, as well as confirmation from PageUp that its system is safe to use, we have made the decision to reinstate our careers website using the PageUp system from Tuesday, 25 September 2018.

PageUp is an Australian company who provides HR software systems and is one of the largest recruitment system providers in Australia.

nib uses PageUp to manage job applications and candidate information across the nib Group (including Australia, New Zealand, GU Health and World Nomads Group businesses). We have been using PageUp for nib since April 2016, while World Nomads Group has been using PageUp since December 2016 and GU Health since November 2017.

nib takes the privacy of our employees and job candidates very seriously and have not made this decision lightly.

We engaged an independent cybersecurity firm to assess the security of all of PageUp’s systems which were implicated in the security incident and ensure that all risks were remediated.

This evidence-based engagement consisted of the review of multiple penetration (stress) tests applied to all PageUp systems to ensure the remediation activities completed by PageUp post the incident had resolved any identified issues.

In addition, the firm reviewed all processes and attestations held by PageUp, up to and including the ISO27001 certification standards under which PageUp operates.

PageUp has also confirmed it has significantly increased its security measures and the original threat has been contained and eradicated. You can read PageUp’s response here.

The Office of the Australian Information Commissioner (OAIC), The Australian Cyber Security Centre (ACSC) and IDCARE has also issued a joint statement on the PageUp incident.

We recommend employees and candidates continue to monitor for any unusual activity concerning their personal information and maintain a close watch on the use of their personal information.

While PageUp has confirmed that some personal information of its clients was accessed by an unauthorised person and possibly disclosed as part of the incident, nib has not received any confirmation from PageUp that our employees’ or candidates’ data has been specifically affected. We are also not aware of any fraudulent activity occurring as a result of the security breach.

Importantly, PageUp has advised that it is confident that the most critical data categories including resumes, financial information, Australian tax file numbers, New Zealand IRD information and employment contracts were not affected in this incident.

PageUp has confirmed that it has significantly increased its security measures and that the original threat has been contained and eradicated. You can read PageUp’s response here.

We take the privacy of our employees and job candidates very seriously.

In the interests of protecting employee and candidate privacy, nib on being made aware of the incident suspended its use of the PageUp system, including our careers website, until we could fully understand the nature and extent of the security incident and possible data breach.

As a precautionary measure, nib also had PageUp re-set all passwords to nib Group job candidate accounts.

Prior to reinstatement of the PageUp system, we have undertaken an extensive security review of PageUp’s systems with an independent cybersecurity firm to assess the security of all of PageUp’s systems which were implicated in the security incident and ensure that all risks were remediated.

We recommend employees and candidates continue to monitor for any unusual activity concerning their personal information and maintain a close watch on the use of their personal information.

We recommend any person who has applied online for a position with nib since April 2016, World Nomads Group since December 2016 or GU Health from November 2017, continue to check for any unusual activity concerning their personal information and maintain a close watch on the use of their personal information.

As a precautionary measure, nib had PageUp re-set all passwords to nib Group job candidate accounts once we were made aware of the incident.

Candidates are unable to delete their own PageUp profile; however, if you would like your nib PageUp profile to be deleted, we can do this on your behalf. Please contact us at [email protected] for assistance.

The Office of the Australian Information Commissioner (OAIC) also provides guidance on how to protect yourself from identity fraud.

Yes. PageUp have detailed who it has notified on its website https://www.pageuppeople.com/

In addition, nib notified the Irish Data Protection Commission in line with European Union General Data Protection Regulation.

We understand this incident is concerning for job candidates and can assure them that we take their privacy extremely seriously.

Candidates are encouraged to contact us on [email protected] if they have any questions about the reinstatement of the PageUp system or to discuss alternatives for applying for roles within the nib Group.

Browse career opportunities

View current roles