Hackers Gut Gold-Mining Firm Goldcorp
Data dump; Network intrusion
A trove of employee and corporate data from the Vancouver-based firm has apparently been dumped online.
After receiving a tip from the hackers on the afternoon of April 26 about the alleged breach, the Daily Dot contacted Goldcorp via email, website contact form, and phone to alert them to the matter. A company employee said they were already aware of the situation.
The firm said in statement on April 27: “Goldcorp confirmed today that the company’s network has been compromised and is working to determine the full scope and impact of the incident...The company’s internal IT security team has been working with leading independent IT security firms to rapidly gather facts, provide information to affected employees and ensure a robust action plan is in place, including immediate preventative modifications to its IT processes and increased network security protocols.”
According to Bloomberg, the data breach was part of an attempt to extort money from the third-largest gold mining company.
In a document posted to a public bulletin board, the hackers have provided sample data and a link to a full torrent download, which measured 14.8 GB when uncompressed.
The sample data includes what appears to be correspondence to some employees concerning their 2013 performance and 2014 compensation rates, proprietary information, bank account information (undated), budget information for 2016, international contacts, and directories of employees by location with their names, titles, office, and mobile telephone numbers and email addresses. Another file sample contained network information and recovery procedures.
The Daily Dot verified that the names and titles correspond with current employees of Goldcorp. A PDF included in the dump shows the expired passport of a Goldcorp executive. The name and photo on the passport correspond with the man’s LinkedIn profile.
According to the hackers, the information in the current data dump includes, but is not limited to:
- T4's, W2's, other payroll information
- Contract agreements with other companies
- Bank accounts, wire transfers, marketable securities
- Budget documents from 2012 - 2016
- Employee network information, logins/passwords
- International contact list
- IT Procedures, Disaster Recover, VMWare recovery procedures
- Employee passport scans.
- Progress reports
- SAP Data
- Treasury reports
April 27, 2016
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected
April 25, 2016