Hanrick Curran is currently investigating an apparent software falter which caused the resumes of prospective employees to become publicly searchable.
Partner at the firm, Mark Sheridan, stressed this issue is not related to client or current employee data.
“Confidentiality is second nature to accountants, and we are complying in any way we have to to resolve the matter,” Mr Sheridan told Accountants Daily.
For now, all the affected information has been taken down, and candidates have also been advised of the situation. Hanrick Curran also notified the Office of the Australian Information Commissioner (OAIC).
The matter is potentially captured under the Privacy Act, but it’s not yet clear if it is reportable under the new Notifiable Data Breach Scheme (NDBS).
The OAIC, which regulates the NDBS, is unable to comment on the matter.
Similarly, the RBA has suspended links to HR software PageUp from its careers page, after unauthorised activity was detected on central IT systems.
So far, the RBA is not aware of any fraudulent use of its housed data, but it’s warning candidates to remain vigilant.
“The RBA recommends that any person who has applied online for a position with the RBA maintain a close watch on the use of their personal information to ensure that there has been no recent unusual activity,” it said in a statement released yesterday.
‘Awareness is low’
Founder of Smithink and consultant to accounting firms, David Smith, has long been concerned about the broader awareness of cyber security in small to medium Australian accounting firms.
In particular, technical awareness of how third-party platforms manage their security, and how that in turn impacts Australian firms, is low.
“That’s one of the challenges here for a lot of firms. A cloud platform can have an issue, and you may not even be aware of it,” Mr Smith told Accountants Daily.
The OAIC’s first lot of quarterly statistics for the NDBS show accounting and professional services firms as among the top five industry sectors that reported breaches between January and March this year.
Of the 43 reported breaches in the first quarter, 10 came from legal, accounting and management services firms.
“I think there is more movement and awareness, but hackers are becoming smarter. Hackers realise accountants are a treasure trove for identity theft,” Mr Smith said.