Personal data of job applicants and referees at risk after unauthorised access at connected third party


In early June 2018, the company disclosed in a statement on their website that although their connected vendor had suffered a security breach there was no evidence that their job applicants’ information had been compromised.

However, the company then posted a second statement after receiving an update from their vendor that while investigations are continuing "on the balance of probabilities" their vendor believed certain personal data had in fact been accessed. The exposed data could have included applicant information (contact details including name, email address, physical address and telephone number) and referee information (including name, email address and telephone number) and employment information at the time the reference was provided (including company, title, and the length of the relationship with the applicant).

Free consultation

Want to discuss this case? We're offering a FREE 20 minute phone consultation with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • Aurizon Holdings Limited
  • PageUp

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here