Rail operator Aurizon says people who have used its online careers portal since 2009 may have had their personal data accessed by an unknown entity.
Aurizon last week said PageUp, its cloud-based software vendor for its online recruitment portal, had informed it of a security breach, but at that time Aurizon said there was “no evidence” yet of any personal data being accessed.
The rail operator provided an update on June 14, however, saying PageUp now believed “on the balance of probabilities” that personal data has been accessed.
Aurizon says it’s advised all employees of the breach, and is in the process of getting in touch with all previous applicants who have used the system.
It is directing past applicants to guidance on protecting themselves from identity fraud, and is recommending they contact IDCARE, Australia’s national identity and cyber support service.
Personal information that may have been accessed includes applicants’ name, email address, physical address, telephone number, gender, date of birth, maiden name, nationality and residency status.
“Aurizon is taking the matter seriously and has taken the recommended actions to minimise any further risks,” the rail operator said.
“Aurizon is continuing to engage with PageUp, the Australian Government and relevant authorities regarding this incident.”
PageUp has told Aurizon it has eliminated the threat from its online system, and says the system is now safe to use.
“Further security measures have been implemented to help guard against any similar incident in the future,” Aurizon said.