In early June 2018, the company disclosed that the personal data of their employees and customers may have been exposed due to unauthorised access to one of their connected vendor's systems which was discovered and communicated to them in May.
Later that same month, their vendor reported that forensic investigations had concluded that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts were not affected. However, the forensic investigations had identified that compromised data may have included some personal employee data of those who had access to the vendor's service, contact details for job applicants (including name, email address, physical address, and telephone number) and non-personal data such as publicly available job information.
In November 2018, the vendor reported that their forensic expert had concluded that whilst the attacker was successful in installing tools that could exfiltrate data there was no specific evidence found that data was exfiltrated in this security incident.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions