Another day, another data breach. This time, employee application site PageUp is the latest victim with a breach that is at least 2 million users big.
The site boasts over 2 million active users. Unfortunately for everyone involved, those 2 million plus users are now looking for more than a job. The website says that it has detected suspicious activity on their site. The suspicious activity involved malware and fraudulent activity on the site. Although PageUp stores sensitive information such as banking information and tax numbers, it says that this information still remains safe.
From the BBC:
In a statement, the firm’s chief executive Karen Cariss confirmed that malware was the source of the incident.
She added: “On 23 May, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation.
“On 28 May, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent third party is currently ongoing.
“We take cyber-security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter.”
This latest security incident is the third to hit the media this month. The scary thing is that none of these incidences fall below the 1 million user threshold, so all of them are certainly significant. This month started with the MyHeritage security incident where 92 million accounts were potentially compromised. This was followed up with the TicketFly data breach. That one saw 26 million accounts compromised.
While it is easy to say that this one is small in light of the other two security incidences, the size is still quite big. This one will likely affect a lot of people in regions such as Europe where such a website appears to be bigger. The good news is that this incident is under the GDPR rules, so it seems at least one company is abiding by the laws. That may be of little comfort to the affected users. Still, at least users are protected legally in that they are being notified much sooner than, say, certain North American breaches.