AuBook.com.au

ABC News - Australia

Rio Tinto says staff's personal data may have been hacked

Posted: 2023-03-23 11:08:48

Original link: https://www.abc.net.au/news/2023-03-23/rio-tinto-staff-impacted-by-hack-after-goanywhere-attack/102138716

Personal data of Rio Tinto Ltd's former and current employees may have been stolen by a cybercriminal group, according to a staff memo.

Payroll information — such as pay slips and overpayment letters — belonging to a small number of employees from January 2023 had possibly been seized by the group, the memo showed.

"Investigations now indicate a possibility that Rio Tinto data may be impacted," it said.

The cybercriminal group threatened to release the data onto the dark web and investigations into the incident were ongoing, the mining giant added.

"To date, none of the records described above have been released, and we still do not know if the cybercriminal group holds these records or not," the memo said.

The stolen data relates to an attack on GoAnywhere — a managed file transfer software offered by cybersecurity firm Fortra — which also provides its services to Rio.

As GoAnywhere is a cloud-based vendor, there is no operational impact or risk to the Rio Tinto network, the memo said.

A host of global firms and government institutions have reported cybersecurity incidents linked to GoAnywhere over the past few weeks.

Hitachi Energy said last week that a ransomware attack by the CL0P group on GoAnywhere could have resulted in unauthorised access to employee data in some countries.

Last month, Community Health Systems — in a US exchange filing — confirmed that the personal and medical information of about 1 million individuals may have been impacted due to a security breach experienced by Fortra.

Fortra did not immediately respond to a request for comment.

File-sharing software has historically been a target for cybercriminals.

Back in 2021, vulnerabilities in the servers of California-based Accellion were exploited by the CL0P group, leading to data breaches in Morgan Stanley, Kroger Co, the Reserve Bank of New Zealand as well as other high-profile institutions.

Rio Tinto has not said who is responsible for the latest cyber attacks.

Reuters

0 Comment(s)
Favorite Unfavorite

Read On:

Spiritual leader of Anglicans worldwide Justin Welby resigns after sexual abuse scandal - 2024-11-12 14:18:43

'We feel secure in our masculinity' — Australian men's Fast5 captain hits back at homophobic comments - 2024-11-12 07:14:00

Indian coach launches fierce defence of 'incredibly tough men' Virat Kohli and Rohit Sharma while hitting out at Ricky Ponting - 2024-11-12 06:54:09

PNG great urges fans to stop 'senseless' online abuse of Xavier Coates for representing Kangaroos - 2024-11-11 03:11:23

'That actually infuriates me': Hawks prove they are top-four contenders and not just handed an easy draw in fiery AFLW finals test - 2024-11-11 02:03:24

Moses leads Eels to thrilling victory with golden-point field goal against Panthers - 2023-03-23 08:39:08

Blues hang on in thriller, Cats go 0-2 to start premiership defence - 2023-03-23 07:25:59

Mushroom celebrates 50 years in Australian music - 2023-03-23 03:45:13

Ellie Carpenter and Holly McNamara return to Matildas for April friendlies - 2023-03-23 03:01:28

Could the US banking crisis head off an Aussie mortgage disaster? - 2023-03-23 02:54:24

Report this news