SINGAPORE - Applicants for public-service jobs in Singapore could have had their information compromised, as a malware infection was found to have hit an outsourced Australian-based vendor here.
Users of the Careers@Gov online portal, which lists job positions and takes in applications for public-sector vacancies, were informed of a malware breach of the portal's vendor by e-mail on Sunday (June 10).
"At this stage, the vendor has not seen further sign of suspicious activity. The malware has been contained and the threat eradicated," said the e-mail from Careers@Gov.
The portal is run by Australian human resources software provider PageUp, which counts universities, banks and the Tasmanian government among its clients.
It provides recruitment and career software for companies to create a website portal that lets them publish job openings, receive applicants’ resumes and shortlist applicants.
A spokesman for the Public Service Division, which oversees the portal, said: “We are currently investigating and obtaining more information from PageUp.”
Careers@Gov has about 297,000 account holders held by public officers and members of the public who have accessed the portal to apply for a job with the public service.
PageUp had detected the malware infection much earlier, with its chief executive and co-founder Karen Cariss posting a statement on the company's website saying that the company had "detected unusual activity on its IT infrastructure" on May 23.
"We have some indicators that client data may have been compromised," said Miss Cariss, adding that the company was conducting a forensic investigation and working with law enforcement and government authorities on the matter.
Such data could include names and contact details of users, along with user names and encrypted passwords.
The breach has affected PageUp clients such as the University of Melbourne, the Australian National University and the Australia Post.
A check by The Straits Times on Monday morning showed that the Careers@Gov website is still running on the PageUp system, even as other clients, such as Australian bank Commonwealth Bank and telco Telstra pulled their recruitment websites offline last week.
Users of the portal are urged to change their Careers@Gov account password as an added security measure, as well as the passwords on other websites or accounts they have if those accounts share the same user name and password credentials.