Government recruitment in the state of Tasmania has resumed nine days after a suspected data breach with provider PageUp led to the suspension of activity.
Jenny Gale, secretary of the Tasmanian Department of Premier and Cabinet, announced on Friday an interim solution to resume government recruitment had been reached.
“On balance of probabilities” some personal data has been accessed, PageUp has advised the government. This includes names, street addresses and other contact information relating to both job seekers, placement agencies, and client bodies.
Five days after first being notified of the potential breach on June 1, the government still had not confirmed if job-seeker data had been compromised. 120,000 account holders were notified of the potential breach of their data.
Below is the statement from Jenny Gale:
Restarting government recruitment
The Tasmanian Government has today restarted job advertising using an interim solution while the usual systems is suspended
The new solution was built in-house and is being hosted at the existing jobs.tas.gov.au URL.
The Tasmanian Government takes the protection of IT systems and personal information extremely seriously. Security precautions for the interim solution include but are not limited to encryption of applications before they are sent across the internet to Tasmanian Government systems, storage of applications on Australian Government-certified infrastructure and an independent review and testing of the system by external IT security consultants.
We thank job seekers for their patience while we have worked out the most secure way to restart our recruitment.
Recruitment processes where applications had been extracted before the suspension of the Jobs website on 6 June 2018 are continuing to progress. Positions that were still open as at 6 June are being readvertised if still required.
In its latest update, PageUp advised it is continuing to investigate but “on the balance of probabilities, we believe certain personal data relating to our clients, placement agencies, applicants, references and our employees has been accessed”. The data may include names, street addresses, email addresses, and telephone numbers.
PageUp said no employment contracts, applicant resumes, Australian tax file numbers, credit card information or bank account information were affected. No data contained in onboarding, performance, learning, compensation or succession modules was affected.
Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques and considered to be of very low risk to individuals.
The Government emailed approximately 120,000 account holders via their registered email addresses advising them of the data incident and steps they can take to protect themselves. Updates will continue to be provided via the Jobs Website as they are available.
People should not share their information or credentials if they receive unsolicited contact from any party, including anyone claiming to represent PageUp. Anyone who has used the same credentials (email and password) elsewhere should change them on those sites.
People who are concerned or have questions can email [email protected]