Unauthorised Access of Third Party Vendor IT Systems
Aurizon has been notified by PageUp (its cloud-based software vendor for recruitment) that there had been unauthorised access on their IT systems. PageUp has advised the incident has been contained and the threat has been eradicated, and they are working with forensic experts to investigate if any personal information was compromised.
Aurizon is taking the matter seriously and has taken the recommended steps to further safeguard the information that is hosted by PageUp. We are continuing to engage with PageUp about the situation.
Aurizon (previously QR National) has been using PageUp since 2009 for online recruitment.
What does this mean?
There is no evidence that Aurizon’s job applicants’ information has been compromised, however we have recommended that employees who have used the careers portal since 2009 check there has been no unusual activity concerning their personal information. We also encourage those people who have used our online recruitment system to do the same. The Office of the Australian Information Commissioner (OAIC) provides
In most cases, the personal information that could potentially be impacted is only the applicant’s contact details, diversity information and education and work experience. For our employees whose applications were successful, the information in PageUp’s systems may include:
Questions relevant to the job such as if you have Work Rights or an Australian citizenship
Medical clearance (for relevant roles)
Background checking (including information on criminal backgrounds, driving history, qualifications as relevant to the role)
License number/passport number (if provided as a form of identification).
Aurizon does not currently collect or store the following candidate information in PageUp:
To be clear, there is no evidence that Aurizon’s job applicants’ information has been compromised and the Company is taking all the necessary actions to minimise any further risks.