PageUp, which handles job applications internationally, said users’ details may have been compromised.
A malware-hit job-hunting website might have exposed sensitive user data after detecting “unusual” activity last month.
Australia-based firm PageUp confirmed it had suffered a malware attack last month after an unknown party accessed its system.
Information such as names and contact details may have been compromised, as well as employment details and employee numbers in some cases.
Usernames and passwords may also have been stolen, but PageUp confirmed this information was encrypted.
A statement by CEO Karen Cariss read: “There is no evidence that there is still an active threat, and the jobs website can continue to be used.
“All client user and candidate passwords in our database are hashed using bcrypt and salted; however, out of an abundance of caution, we suggest users change their password.”
Employment contracts and resumes were stored in a different location, the company confirmed, and weren’t affected by the hack.
The incident happened on May 23, when the unauthorized activity was detected.
On May 28, an investigation concluded that the breach was due to a malware attack, though specific details have not been released.
Companies affected by the cybersecurity incident include Aldi, Clydesdale Bank, and Lindt, which all operate within the EU.
This data breach is one of the first high-profile cases since the introduction of the General Data Protection Regulation (GDPR), which came into effect on May 25.
The new guidelines state that companies have to adhere to tighter data protection laws, and govern how and when a firm needs to report a leak.
PageUp has reported the incident to data regulators across the EU in accordance with the new rules.
It has also notified regulators from Australia’s Notifiable Data Breaches scheme, which states suspected data breaches must be reported immediately.