Personal data of job applicants and employees at risk after unauthorised access at connected third party


In early June 2018, the company disclosed that the personal data of their employees and customers may have been exposed due to unauthorised access to one of their connected vendor's systems which was discovered and communicated to them in May.

Later that same month, their vendor reported that forensic investigations had concluded that the most critical data categories including resumes, financial information, Australian tax file numbers, employee performance reports and employment contracts were not affected. However, the forensic investigations had identified that compromised data may have included some personal employee data of those who had access to the vendor's service, contact details for job applicants (including name, email address, physical address, and telephone number) and non-personal data such as publicly available job information.

In November 2018, the vendor reported that their forensic expert had concluded that whilst the attacker was successful in installing tools that could exfiltrate data there was no specific evidence found that data was exfiltrated in this security incident.

Free consultation

Want to discuss this case? We're offering a FREE 20 minute phone consultation with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:


  • PageUp
  • Scentre Group Limited

We've done the analysis so you can make the decisions

When purchasing a minimum of 5 Case Studies
$699.99 if buying less than 5.

  • Detailed cause & effect analysis
  • Lessons learnt catalogued
  • Preventive controls extracted
Add to Cart
Heads up! Want to try before you buy? You can download our FREE demo case study here