The company has confirmed the breach and also revealed that there was an extortion attempt as well.
Goldcorp, a renowned gold-mining firm in Canada has been “badly hacked.” The gold-mining firm’s headquarters is based in Vancouver, British Columbia. Hackers have also leaked a massive amount of the company’s employees’ data online. The hackers provided sample data by posting a document on a public Pastebin site, which was followed by a URL address to a full torrent download that was around 14.8 GB after uncompressing.
The data includes correspondence to some of the company’s employees regarding their performance between 2013 and 2014, proprietary related data, titles, email addresses, employee’s location information that is updated, the year 2016 budget information, international contacts, telephone numbers both private and work and their compensation rates of 2014. Another file that was dumped over the internet had network information and recovery processes.
[q]Hackers vow to leak more data and expose company’s alleged racism, sexism, and greed[/q]
According to the investigation carried out by The Daily Dot, the names and titles corresponded with current employees of the company while the dumped data also contained a PDF file in which the company’s executive’s expired passport is shown. The passport’s picture displays the executive’s photograph and name, which corresponded with the LinkedIn profile information of the man. According to The Daily Dot, hackers loosely revealed that their dumped data included the following information:
* “T4’s, W2’s, other payroll information
* Contract agreements with other companies
* Bank accounts, wire transfers, marketable securities
* Budget documents from 2012 – 2016
* Employee network information, logins/passwords
* International contact list
* IT Procedures, Disaster Recover, VMWare recovery procedures
* Employee passport scans.
* Progress reports
* SAP Data
* Treasury reports”
In their post on the pastie site, the hackers also posted this message:
“[S]everal more data dumps are being prepared. [T]he next dump will include 14 months of company-wide emails, emails containing some good old fashion corporate racism, sexism, and greed.”
[must url=”https://www.hackread.com/anonymous-opcanary-targets-canadian-mining-firm/“]Anonymous Relaunches #OpCanary, Targets Canadian Mining Firm[/must]
[must url=”https://www.hackread.com/bank-loses-81mil-poor-security/“]Bank implements poor security measures, loses $81 million[/must]
Wondering how the Daily Dot was able to receive so much information about the hack attack? Well, the publication received a tip on Tuesday from the hackers in which they informed about the breach and about the dumping of sample data on Pastie site. The Daily Dot immediately contacted Goldcorp through email, website, and phone to inquire about the legitimacy of this claim. An employee of Goldcorp confirmed this attack and stated that the company was aware of it already.
In an officially released statement, Goldcorp confirmed the breach and also revealed that there was an extortion attempt.
Goldcorp confirmed today that the company’s network has been compromised and is working to determine the full scope and impact of the incident. The appropriate authorities have been notified,” a Goldcorp spokesperson said in an email to the Daily Dot. “The company’s internal IT security team has been working with leading independent IT security firms to rapidly gather facts, provide information to affected employees and ensure a robust action plan is in place, including immediate preventative modifications to its IT processes and increased network security protocols.”