Goldcorp Inc., the world’s third-largest gold company by market value, confirmed it was the victim of a data breach.
The Canadian company “is working to determine the full scope and impact of the incident” and to provide information to affected employees, Christine Marks, a Goldcorp spokeswoman, said Thursday in an e-mail.
Vancouver-based Goldcorp’s internal IT security team is working with external companies to come up with an action plan and prevent further breaches, she said.
On Wednesday, The Daily Dot website reported hackers appeared to have accessed 14.8 GB of uncompressed data from Goldcorp’s internal networks.
The website reported that according to a privacy researcher, who goes by the pseudonym Dissent Doe, the leaked data includes employee login IDs and passwords, salary and budget documents, and other sensitive corporate and personal information about Goldcorp and its employees.
The attack may be part of a growing number of breaches where hackers post large stolen databases to embarrass companies and shame them for having poor security or other perceived transgressions, versus keeping the information secret to profit from it. Another example of this was in the Sony Corp. breach of 2014, which the U.S. blamed on North Korea. One component of the massive amount of leaked data in that instance was human resources documentation detailing the costs and conditions of employees with high medical bills.
The hackers say they are preparing more data dumps, including “emails containing some good old fashion corporate racism, sexism, and greed,” according to The Daily Dot.
It’s often difficult to discern hackers’ true motives in leaking data. Some attacks are highly targeted and the result of weeks or months of work to get inside target companies. However attacks can also be random as insecure computer servers are breached by widely-used automated hacking tools.
Last year, Detour Gold Corp. confirmed a hack of its IT systems had resulted in personal information about employees being disclosed.