Information on PageUp IT Issue – 27 June 2018

Information on PageUp IT Issue – 27 June 2018

On 5 June we advised that VMCH was among a number of Australian organisations who suspended connections with human resources technology provider PageUp, after they confirmed that unauthorised access to PageUp systems and personal data relating to clients, job applicants, references and PageUp employees was made.

What steps have we taken?

VMCH has taken the following steps to investigate this incident and protect personal data:

  • Engaged directly and repeatedly with PageUp to understand what steps they are taking to investigate the incident and to secure their systems;
  • Engaged with the Australian Government’s Joint Cyber Security Centre (JCSC), the Office of the Australian Information Commissioner (OAIC) and other data security bodies and experts to understand the extent of the issue, risk management and data protection options; • Initiated a reset of all our candidate passwords in PageUp;
  • Reset all passwords on our systems which connect to PageUp.

What do I need to do?

VMCH is not aware that any of our team members’ or job applicants’ data has been specifically affected. Nor are we aware of any fraudulent activity relating to anyone’s data occurring as a result of the security breach.

However, PageUp have advised that if you have applied online for a role with VMCH, it is possible that your personal data may have been accessed as a result of the breach. This may include names, street addresses, email addresses, telephone numbers and dates of birth.

We recommend that any person who has applied online for a position with VMCH who has concerns surrounding their personal information risks access the Office of the Australian Information Commissioner (OAIC) on protecting personal information.

You can also find useful information on the IDCARE website. IDCARE is Australia’s national identity and cyber support service for the community.

Update on PageUp systems

At this time, PageUp has informed VMCH that:

  • PageUp’s systems did sustain unauthorised access;
  • PageUp is not yet able to advise whether any data has been taken;
  • Importantly, the most critical data categories, including copies of passports, resumes, bank account details, tax file numbers, employee performance reports and employment contracts were not affected in this incident; and
  • Page Up has notified the Australian Privacy Commissioner of the eligible data breach.

The Office of the Australian Information Commissioner (OAIC), The Australian Cyber Security Centre (ACSC) and IDCARE has also issued a joint statement on the PageUp incident.

Resumption of PageUp Services

VMCH has received written assurance from PageUp that:

The original threat has been removed;

  • No further security issues have been identified on the PageUp system;
  • The PageUp system is safe to use; and
  • Further security measures have been implemented to help guard against a similar incident in the future.

On this basis, VMCH has determined to progressively recommence recruitment via the VMCH career website, using the PageUp system.

Current job applications

If you have applied for a role with VMCH, applications prior to the threat removal from PageUp have been handled manually so there is no threat to data. Based on recent information from PageUp, VMCH applications have now recommenced via the VMCH website, utilising the PageUp system.

More information

If you have a question about how to reset your PageUp password, access your PageUp profile or view your PageUp data, you can call PageUp on (toll free) 1300 893 787 or 03 9068 7721. You can also access the PageUp website at


Sonya Smart