
Threatwatch

Hackers Gut Gold-Mining Firm Goldcorp

Data dump; Network intrusion

A trove of employee and corporate data from the Vancouver-based firm has apparently been dumped online.

After receiving a tip from the hackers on the afternoon of April 26 about the alleged breach, the Daily Dot contacted Goldcorp via email, website contact form, and phone to alert them to the matter. A company employee said they were already aware of the situation.

The firm said in a statement on April 27: “Goldcorp confirmed today that the company’s network has been compromised and is working to determine the full scope and impact of the incident...The company’s internal IT security team has been working with leading independent IT security firms to rapidly gather facts, provide information to affected employees and ensure a robust action plan is in place, including immediate preventative modifications to its IT processes and increased network security protocols.”

According to Bloomberg, the data breach was part of an attempt to extort money from the third-largest gold mining company.

In a document posted to a public bulletin board, the hackers have provided sample data and a link to a full torrent download, which measured 14.8 GB when uncompressed.

The sample data includes what appears to be correspondence to some employees concerning their 2013 performance and 2014 compensation rates, proprietary information, bank account information (undated), budget information for 2016, international contacts, and directories of employees by location with their names, titles, office, and mobile telephone numbers and email addresses. Another file sample contained network information and recovery procedures.

The Daily Dot verified that the names and titles correspond with current employees of Goldcorp. A PDF included in the dump shows the expired passport of a Goldcorp executive. The name and photo on the passport correspond with the man’s LinkedIn profile.

According to the hackers, the information in the current data dump includes, but is not limited to:

  • T4's, W2's, other payroll information
  • Contract agreements with other companies
  • Bank accounts, wire transfers, marketable securities
  • Budget documents from 2012 - 2016
  • Employee network information, logins/passwords
  • International contact list
  • IT Procedures, Disaster Recovery, VMware recovery procedures
  • Employee passport scans.
  • Progress reports
  • SAP Data
  • Treasury reports

Sector: Manufacturing

Reported: April 27, 2016

Reported by: Daily Dot

Number affected: Unknown

Location of breach: Vancouver, Canada

Perpetrators: Criminals

Location of perpetrators: Unknown

Date breach occurred: Unknown

Date breach detected: April 25, 2016