Mining company’s data is more valuable than gold

Hackers posted employee data and private documents belonging to Goldcorp, a publicly listed gold-mining company, on a paste site, according to a report in the Daily Dot.

The massive data dump contains a wealth of employee and company data: payroll information (including W-2 and T4 forms) as well as bank account, wire transfer, and market securities information. The sample of data on the paste site, which contained the equivalent of 14.8 gigabytes of data, included budget documents from the past four years, emails about compensation, proprietary information, bank account information, budget information, employee directories, and contact information (including employee names, titles, office locations, cell phone numbers, and email addresses).

The compressed sample of data also included employee network information, login/password information, and images of employee passports.

The hackers wrote on the paste site that they plan to release more data, which they say will include company-wide emails that contain “some good old fashion corporate racism, sexism, and greed.”

“The appropriate authorities have been notified and an investigation is underway,” the company said in a statement emailed to SCMagazine.com. “The company's internal IT security team has been working with leading independent IT security firms to gather facts, provide information and support to affected employees, and enact a robust action plan, including immediate preventative modifications to its IT processes and increased network security protocols.”

“A disgruntled employee or someone who found out about the company's alleged questionable practices could have been the motivation for the huge data dump,” wrote Stephen Gates, chief research analyst and principal engineer at NSFOCUS International Business, in an email to SCMagazine.com. “This may not have been financially motivated. If it were, the perpetrators would have sold the data, not dumped it online.”

A representative for the Vancouver, British Columbia-based mining company noted that “as a publicly traded company, all material information is already in the public domain.”

“Often companies ask themselves, ‘Why would anyone attack us? Who would want our data?’ As a result, many of them implement poor and antiquated defenses and employ junior security personnel because they believe the risk to the company is extremely low,” wrote Gates at NSFOCUS International Business. “Obviously here, that was not the case.”