The timing couldn't have been worse for PageUp; two days before Europe's new data protection regime came into force the Melbourne-based online recruitment specialist's security systems detected suspicious activity.

By May 28 – three days after the General Data Protection Regulation went live – PageUp knew client data may have been compromised and that it had 72 hours to alert the British Information Commissioner's Office, due to the UK's incredibly stringent laws on breach disclosure.

It has also liaised with the Office of the Australian Information Commissioner as required under the mandatory data breach notification rules, which came into force in February.

On June 1 it alerted its customers; on June 5 it confirmed the breach publicly.

Read More