Illustration via Max Fleishman (Licensed)
Hackers claim to have “badly hacked” Goldcorp, a gold-mining firm with headquarters in Vancouver, British Columbia, and dumped a trove of private company and employee data online.
In a document posted to a public paste site, the hackers provided sample data and a link to a full torrent download, which measured 14.8 GB when uncompressed.
The sample data includes what appears to be correspondence to some employees concerning their 2013 performance and 2014 compensation rates, proprietary information, bank account information (not dated), budget information for 2016, international contacts, and directories of employees by location with their names, titles, office, and mobile telephone numbers and email addresses. Another file sample contained network information and recovery procedures.
The Daily Dot was able to verify that the names and titles correspond with current employees of Goldcorp. A PDF included in the dump shows the expired passport of a Goldcorp executive. The name and photo on the passport correspond with the man’s LinkedIn profile.
According to the hackers, the information in the current data dump includes, but is not limited to:
- T4's, W2's, other payroll information
- Contract agreements with other companies
- Bank accounts, wire transfers, marketable securities
- Budget documents from 2012 - 2016
- Employee network information, logins/passwords
- International contact list
- IT Procedures, Disaster Recover, VMWare recovery procedures
- Employee passport scans.
- Progress reports
- SAP Data
- Treasury reports
The Daily Dot was able to confirm the data contains most, if not all, of these records.
“[S]everal more data dumps are being prepared,” the hackers wrote in the paste. “[T]he next dump will include 14 months of company wide emails, emails containing some good old fashion corporate racism, sexism, and greed.”
The Daily Dot received a tip from the hackers on Tuesday afternoon about the alleged breach. After reviewing the sample data, we contacted Goldcorp via email, website contact form, and phone to alert them to the claimed hack. An employee of the company said they were already aware of the situation.
While Goldcorp did not initially confirm the breach in emails and phone calls to the company, the firm later issued a statement admitting that its “network has been compromised.”
“Goldcorp confirmed today that the company’s network has been compromised and is working to determine the full scope and impact of the incident. The appropriate authorities have been notified,” a Goldcorp spokesperson said in an email to the Daily Dot. “The company’s internal IT security team has been working with leading independent IT security firms to rapidly gather facts, provide information to affected employees and ensure a robust action plan is in place, including immediate preventative modifications to its IT processes and increased network security protocols.”
Goldcorp is not the first Canadian gold-mining firm to be hacked and have its data dumped. A year ago, DataBreaches.net began reporting on a similar situation involving Detour Gold. The hackers, who claimed to be Russian, hacked and dumped company data, then they re-hacked the firm after it claimed it had secured its server.
It is not clear whether the hackers involved in the Detour Gold hack are the same individuals involved in allegedly hacking Goldcorp. The hackers have not responded to an inquiry about their deeper motivations in allegedly breaching GoldCorp and dumping its data.
Update 11:46am CT, April 27: Goldcorp has confirmed the breach to the Daily Dot. The story and headline have been updated to reflect the confirmation.
Dissent Doe is the pseudonym of a privacy advocate who reports on privacy issues and data security breaches on PogoWasRight.org and DataBreaches.net. Her research on breaches has fueled resources such as DataLossDB.org and InfoisBeautiful, and it has served as the basis for a number of investigations by the Federal Trade Commission.
Additional reporting by Dell Cameron.