Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 22 November 2018 11:11

PageUp claims no data taken in breach. Please pull the other one

PageUp claims no data taken in breach. Please pull the other one Pixabay

If human resources outfit PageUp People's chief executive and co-founder Karen Cariss is to be believed, then whoever it was that breached the company's networks and encountered a very tasty mass of data, left it completely untouched. If only all hackers were as benevolent!

That's the message Cariss has attempted to spread in an email sent to customers, with a strong note of self-pity dominating her missive.

As an aside, the headline she used, "Learnings from recent security incident and roundtables" reminded one of the Sacha Baron Cohen film "Borat: Cultural Learnings Of America For Make Benefit Glorious Nation Of Kazakhstan".

The breach was announced on 6 June, with the company indicating that it had been first noticed on 23 May.

Among PageUp's customers are the Commonwealth Bank. the Australian Broadcasting Corporation, Telstra, NAB, Coles, Aldi, Medibank, Australia Post, Target, Reserve Bank of Australia, Officeworks, Kmart, Linfox, AMP, Asahi, Sony, Newcrest, the University of Tasmania and Lindt.

With a list like that, you'd be inclined to think that whoever made their way into the network would have left with something that made the breach worth their while. But it seems these hackers were on L plates. Or so PageUp would have us believe.

The one line included in the email about the investigation conducted by Klein & Co is telling: "It concluded that while an attacker was successful in installing tools that could exfiltrate data, no specific evidence was found that data was exfiltrated." (emphasis mine).

So was there any general evidence that data was exfiltrated? (Emphasis mine again). Cariss hasn't said a word more, but spent a good deal of the rest of a fairly long email wallowing in self-pity, outlining the strain that the company's staff were put under but having little regard to being open about the incident.

"The incident placed a significant strain on our internal team. Some team members took the frustrations of our customers personally and all were so committed to responding to the needs of our customers that they worked around the clock, causing people to be incredibly tired," Cariss wrote.

In other words, poor us, we suffered so much because of this breach. Why a company which turned over $31 million in 2015-16 could not be bothered putting a proper security strategy in place was never mentioned.

PageUp's communication with the media was pathetic at best. But even for this, Cariss blamed the PR company or companies that were advising her. One of them we know – the biggest global PR firm, Edelman.

But its skills in media management were laid bare when the head of its Australian operations, Edelman Australia managing director Scott Thomson, tried to imply that this writer was aiding the authors of a book on breach management by writing about the PageUp incident. That's the best he could do, which begs the question: why was Edelman hired?

Cariss says in her email, "Openness is part of our DNA..." which sounds mighty peculiar coming from a company that even today has yet to provide a comprehensive public statement as to how the breach occurred and the extent of damage. Some information was published on 19 June; additional details were published on an undated Web page which was not linked from anywhere on the company's's website.

And to cap it all, the company has no media contact details listed on its website.

Apart from the company's incompetence, the one thing that the breach proved is that the Australian data breach law has no teeth. It is a figleaf and the public should not be deceived into believing that they will be in any protected.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments