Hackers are believed to have accessed a number details about Canadian mining company Goldcorp, then posted stolen employee data online.
Access has been reportedly gained to 14.8GB of data from the company’s internal networks. Leaked data includes employee login IDs and passwords, salary and budget documents.
Other data included sensitive corporate and personal information related to Goldcorp, as well as its employees.
Goldcorp CEO David Garofalo told Bloomberg TV Canada that the company’s business is operating as usual after the hack.
Garofalo said: "Given that we’re a public company, any sensitive material information has to be in the public domain anyways; so I’m really not concerned about what they may have downloaded from a disclosure standpoint."
The internal IT security team of Goldcorp is working with external firms to gather facts and come up with a solution to prevent further breaches.
US-based software company Varonis director Rob Sobers said: "The narrative surrounding the Gold Corp breach is Sony redux. One: attackers appear to have had undetected access to confidential information for months. Two: sensitive files and emails were stolen. Three: multiple GBs of data was exfiltrated without sounding an alarm.
"The breach underscores the burning need to monitor access to confidential documents and mailboxes as if they were bank accounts.
"Without a wider adoption of user behaviour analytics, it’s hard to see how companies avoid breaches like Goldcorp, Sony, OPM, and on and on and on."