Goldcorp which is a renowned gold-mining firm in Canada suffered a serious security breach which helped the hackers to steel private employee data, banking information and confidential company documents which is nearly 14.8 GB of data on the whole. The hackers provided sample data by posting a document on a public Pastebin site, which was followed by a URL address to a full torrent download that was around 14.8 GB after uncompressing.
Hackers also added this message on their post in Pastebin: “[S]everal more data dumps are being prepared,” the hackers wrote in the paste. “[T]he next dump will include 14 months of company wide emails, emails containing some good old fashion corporate racism, sexism, and greed.”
It was The Daily Dot who reported this breach first on its site. According to the investigation carried out by The Daily Dot, the names and titles corresponded with current employees of the company while the dumped data also contained a PDF file in which the company’s executive’s expired passport is shown. The passport’s picture displays the executive’s photograph and name, which corresponded with the LinkedIn profile information of the man.
According to the hackers, the information in the current data dump includes, but is not limited to:
- T4’s, W2’s, other payroll information
- Contract agreements with other companies
- Bank accounts, wire transfers, marketable securities
- Budget documents from 2012 – 2016
- Employee network information, logins/passwords
- International contact list
- IT Procedures, Disaster Recover, VMWare recovery procedures
- Employee passport scans.
- Progress reports
- SAP Data
- Treasury reports
“The company’s internal IT security team has been working with leading independent IT security firms to rapidly gather facts, provide information and support to affected employees and ensure a robust action plan is in place, including immediate preventative modifications to its IT processes and increased network security protocols”, said Goldcorp.