First National 'dealing with authorities' after reported information leak

Cover letters and CVs of job applicants have allegedly appeared online.

Australian real estate network First National has reportedly had information it held on job applicants leaked online.

The report was first made by Gareth Llewellyn on Twitter, who informed the company that CV and cover letters from individuals who had applied for a job with First National had inadvertently been published.

He claims the allegedly leaked information includes the full names, addresses, phone numbers, dates of birth, and other personal information -- as many applicants list their education and previous employment information on resumes -- of around 2,000 people.

First National has over 400 offices throughout Australia, New Zealand, and Vanuatu, but it is unclear as to how many places the alleged leaked information relates to, with the screenshots provided indicating the Burleigh Heads and Palm Beach offices in Queensland are allegedly affected.

A spokesperson for First National told ZDNet that it is currently dealing with the matter and could not provide any further information.

"The network at the moment is dealing with the appropriate authorities," they said on Tuesday morning.

Llewellyn, however, believes a commercial off-the-shelf vendor is at fault.

Australia's Notifiable Data Breaches (NDB) scheme came into effect on February 22, 2018, requiring agencies and organisations in Australia that are covered by the Privacy Act 1988 to notify individuals whose personal information are involved in a data breach that is likely to result in "serious harm" as soon as practicable after becoming aware of a breach.

When seeking a comment from the Office of the Australian Information Commissioner (OAIC) on the First National incident, a spokesperson said that in cases where the office is made aware of a potential privacy breach or notifiable data breach, it may engage with the organisation involved to establish the facts of the matter. 

However, the spokesperson did not comment on any specifics regarding the reported information leak.

The OAIC in October reported that it received 245 data breach notifications during the July through September period, with a pair of breaches impacting between 100,000 and 250,000 people.

Contact information was the type of information most commonly breached, with 208 instances; followed by financial details in 110 instances; identity information in 85 instances; and tax file number information in 55 instances. Health information was also revealed in 54 breaches.

RELATED COVERAGE

Emergency Warning Network confirms breach

Follows thousands of EWN customers receiving a bogus message via email, text, and landline late Saturday night.

PageUp confirms some data compromised in breach

The SaaS-based recruitment firm has confirmed some data was compromised in the recent malware attack it suffered.

Information on thousands of clients accessed in Family Planning NSW breach

Thousands of people's personal information may have been compromised after Family Planning NSW's online databases suffered a ransomware attack last month.

Australian Information Commissioner commends Red Cross for data breach response

Australia's information and privacy commissioner has said the community can have confidence in the Australian Red Cross Blood Service's commitment to the security of personal information, following his investigation into the DonateBlood.com.au data breach.

5 ways to build your company's defense against a data breach before it happens (TechRepublic)

Data breaches can be chaotic and stressful episodes. Learn the most effective actions you can take to help plan for these turbulent events.