Update on recruitment and staff onboarding system

Update: 18 July 2018

Based on independent expert advice and the implementation of increased security measures by PageUp, Monash University will reinstate the use of PageUp to manage recruitment, onboarding and staff development activities.

Monash originally took the precaution of taking its system offline on Monday 4 June following advice from PageUp about the unauthorised activity detected on their systems.

PageUp’s independent cybersecurity experts have confirmed that no further threats have been identified on its systems and PageUp is safe to use. Based on this advice, in conjunction with increased security measures implemented by PageUp, Monash is satisfied the incident has been contained and that the Monash system is secure.

PageUp has implemented a range of additional security measures on its system. We will also prompt all applicants through the Monash system to reset their account passwords when they login.

Monash University’s Privacy Procedure provides a general statement about how personal, sensitive and health information is managed by the University, and theE-Recruitment Privacy Collection Statement details how we collect and use personal information.

PageUp is a Software as a Service (SaaS) offering Monash uses to assist in streamlining human resources processes such as managing recruitment and staff development. PageUp has provided more information about the May incident on their website.

Original article

Monash is a client of PageUp for managing recruitment, onboarding and staff development activities.

Following advice from PageUp about the unauthorised activity detected on their systems, Monash took the precaution of taking its system offline on Monday 4 June. The system remains offline.

Today we received further advice from PageUp that its investigations have confirmed unauthorised access to its systems.

PageUp has yet to identify the individual organisation or individuals impacted. It has, however, identified the data that has not been affected, and the data that may have.

PageUp has advised that the following types of data have not been impacted:

  • Resumes
  • Financial information
  • Australian Tax File Numbers
  • Employment contracts
  • Uploaded documents

PageUp has advised that the following types of data may have been impacted:

  • Names
  • Email addresses
  • Physical addresses
  • Telephone numbers
  • Biographical details including gender, date of birth, and maiden name (if applicable), nationality, and whether the applicant was a local resident at the time of the application
  • Employment details at the time of the application
  • Some usernames and passwords may have been accessed, but are protected using strong encryption.

Monash has again today provided updated direct communications to all staff, live and historic applicants about the incident and updated information on our website and staff intranet.

We have also taken the extra step of contacting anyone who has applied for a role with Monash since we starting using the systemto provide information on the steps they can take if they have concerns about their data.

This includes implementing standard good security practices including:

  • Changing passwords on other online services, if they re-use the same passwords
  • Enabling multi-factor authentication and other available security measures provided by online services
  • Being aware of potential phishing emails and telephone calls from businesses or institutions requesting personal details and avoiding opening attachments from unknown senders via email or social media
  • Installing anti-virus software and keeping it updated
  • Applying all recommended software patches from operating system and software providers.

Anyone with concerns about their information can also contact PageUp at security-enquiries@pageuppeople.com or the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or on 1300 363 992.