A European politician who spent years investigating surveillance technology had his own phone infected with Pegasus spyware. That detail, confirmed by digital forensics researchers this week, landed like a thunderclap in cybersecurity circles, and it carries a direct warning for anyone sending job applications, signing employment contracts, or simply working from their phone in Bendigo in 2026.
The Pegasus case is extreme, but it illustrates a broader truth that security professionals have been repeating for two years: the attack surface for ordinary workers has exploded. Job seekers upload resumes crammed with personal data to platforms that monetise that information. Remote workers connect to corporate systems over home networks. Professionals store salary negotiations and reference contacts on devices that have minimal protection. The threats are no longer theoretical, and the targets are no longer just politicians or executives.
What the Local Picture Looks Like
Bendigo's tech sector has grown fast enough that the city now has a genuine concentration of professionals handling sensitive data daily. La Trobe University's Bendigo campus, on Edwards Road, runs a cybersecurity curriculum that its students say is increasingly focused on workplace scenarios rather than abstract network defence. Meanwhile, the coworking hub at the Bendigo Marketplace precinct on Mitchell Street has seen its membership climb to more than 340 active desks since January 2026, according to figures circulated at a March industry breakfast, a sign of just how many freelancers, contractors, and startup workers are processing professional data outside traditional corporate IT environments.
The Bendigo Tech Council, which represents roughly 180 member organisations across the region, issued a workplace digital safety advisory in May 2026 specifically flagging risks around recruitment platforms and AI-assisted hiring tools. The advisory singled out the practice of job seekers uploading government-issued ID documents to verify credentials on third-party sites, a process that, the council noted, often involves servers outside Australian jurisdiction and privacy law reach.
The Numbers That Should Concentrate the Mind
The Australian Cyber Security Centre's 2025 annual report recorded a 23 percent rise in credential theft incidents targeting individuals rather than organisations, meaning your login, not your employer's server, is now the preferred entry point. The average cost of recovering from identity theft in an employment context, including lost wages and legal fees, sat at $4,700 per individual according to the same report. Phishing emails impersonating recruitment firms were the delivery mechanism in 41 percent of those cases.
Browser security is part of this picture too. Chrome and Safari dominate Australian usage, but both have faced sustained criticism in 2026 over how they handle browsing data tied to professional accounts. Several privacy-focused alternatives have gained significant market share this year, and security teams at organisations like Bendigo Bank, headquartered on Pall Mall, are actively advising staff on browser choice as part of updated device policies rolled out this quarter.
For job seekers specifically, the risks begin before the first interview. Fake job listings designed to harvest personal information increased sharply on LinkedIn and Seek between January and May 2026. The tell is usually an unsolicited request for a Tax File Number, bank account details, or passport scan before any formal offer is made. No legitimate Australian employer requires those documents at the application stage.
Practical steps matter more than abstract warnings. Professionals in Bendigo should enable multi-factor authentication on every account linked to work, email, cloud storage, payroll portals. Use a dedicated email address for job applications, separate from the one tied to banking. Check whether any recruitment platform you use stores your data on Australian servers; under the Privacy Act 1988, you have the right to request deletion. If you work remotely from shared spaces like those on Mitchell Street, avoid accessing payroll or HR systems on public wi-fi without a VPN. And treat any unsolicited message promising a job opportunity with the same scepticism you'd apply to a cold call asking for your credit card number. The technology targeting workers has grown sophisticated. The defences do not have to be complicated, they just have to exist.