Friday, April 29, 2016
Hackers target Goldcorp Inc, releasing reams of private data online including payroll and passports
The Canadian company "is working to determine the full scope and impact of the incident" and to provide information to affected employees.
Goldcorp Inc. has fallen victim to a data breach by anonymous hackers who posted reams of the miner’s private information online.
The breach includes 14.8 gigabytes of data, according to the Daily Dot website. The leaked data includes payroll information, private budget documents, bank account specifics, employee passport scans and much else, the site said.
“It’s a police matter now,” David Garofalo, Vancouver-based Goldcorp’s chief executive, said in an interview Thursday. “What I can tell you is our business is operating normally. And as a public company, we are obliged to disclose all material information and I’m confident we have.”
The hack of one of Canada’s largest mining companies highlights the fact that this is a key risk facing corporations worldwide. Companies often pay the ransoms demanded by hackers to just make the problem go away, according to experts.
“There’s more and more hacking, year after year,” said Vanessa Coiteux, a lawyer in the Montreal office of Stikeman Elliott LLP. “I think Goldcorp is a good example that every company is at risk.”
Garofalo declined to comment on the specifics of the Goldcorp hack. But he noted it has become commonplace for hackers to steal private data from companies and then try to extort money from them in exchange for keeping it confidential.
“In general, these sorts of circumstances are driven by monetary motives,” he said.
The Daily Dot noted the hackers said they are planning “several” more data dumps of Goldcorp’s private information.
“The next dump will include 14 months of company wide emails, emails containing some good old fashion corporate racism, sexism, and greed,” the hackers wrote, according to the website.
The Goldcorp hack is one of a series of well-publicized securities breaches in Canada and the United States. Target Corp., for example, has paid more than US$250 million in costs related to a 2013 data breach in its operations, though US$90 million of this was covered by insurance. The most famous hack of recent years happened to Sony Corp. in 2014. The hack was a response to The Interview, a Sony film that mocked North Korean leader Kim Jong Un.
In a new trend, hackers have been targeting hospitals so they can access confidential medical records and hold that information for ransom.
Goldcorp is not the only victim in Canada’s mining sector. Detour Gold Corp. was hacked last year by a group that claimed to be from Russia.
Awareness of corporate cybersecurity risk needs to move beyond corporate IT departments and reach right into the boardroom, Coiteux said, adding that directors need to make sure they ask their corporate IT departments the right questions about potential risks.
Satyamoorthy Kabilan, director of national security and strategic foresight with the Conference Board of Canada, said one of the biggest challenges in defending against cybercrime is that it is evolving all the time.
He said there is no such thing as a perfect defence to outside hacking. Each time experts design a security solution, hackers will eventually find a way around it. The same thing applies for trying to customize security systems in order to keep out specific hackers or known cyber spies.
“Nothing is 100 per cent secure,” Kabilan said. “If you make it 100 per cent secure, you make it 100 per cent unusable.”