Canadian gold-mining company Goldcorp has suffered a data breach of seemingly catastrophic proportions.
On Tuesday, the attackers leaked a lot of sensitive internal data about the company and its employees, and have promised to leak more, including “14 months of company wide emails, emails containing some good old fashion corporate racism, sexism, and greed.”
The first batch of stolen data – 14.8 GB in all – has been posted on a public paste site, and includes: employee correspondence, payroll information, bank account and current budget information, a list of the company’s contacts all over the world, personal information about employees (names, job titles, mobile phone numbers, email addresses, passport scans), network information (including employee passwords), documents defining various procedures (e.g. IT and disaster recovery procedures), and more.
The Daily Dot says that much of the already dumped data seems accurate. They informed Goldcorp about the leak, and the company got back to them after a while and confirmed that they have been breached.
The firm has called in independent IT security firms to work with their own internal IT security team in order to discover the scope and impact of the network compromise as soon as possible, so that they can proceed to remediate the problem and protect their employees.
A year ago, a group of (supposedly) Russian hackers breached Detour Gold, another gold-mining company based in Canada, but it’s currently unknown if this latest attack was also effected by the same group.
Interestingly enough, the stolen data was leaked on the same day that Goldcorp published a report on its Q1 2016 results.