Personal data of Rio Tinto's Aussie staff may have been hacked - memo

FILE PHOTO: The Rio Tinto logo is displayed above the global mining group's booth at the Prospectors and Developers Association of Canada annual conference in Toronto, Ontario, Canada March 7, 2023. REUTERS/Chris Helgren/File Photo

(Reuters) -Personal data of Rio Tinto Ltd's former and current Australian employees may have been stolen by a cybercriminal group, according to a staff memo seen by Reuters on Thursday.

Payroll information, like payslips and overpayment letters, of a small number of employees from January 2023 had possibly been seized by the group, the memo showed.

"Investigations now indicate a possibility that Rio Tinto data may be impacted," it said.

The cybercriminal group threatened to release the data onto the dark web while investigations into the incident are ongoing, the Anglo-Australian mining giant added.

"To date, none of the records described above have been released, and we still do not know if the cybercriminal group holds these records or not."

The stolen data relates to an attack on GoAnywhere - a managed file transfer (MFT) software offered by U.S. cybersecurity firm Fortra.

A host of global firms and government institutions have reported cybersecurity incidents linked to GoAnywhere MFT over the last few weeks.

Hitachi Energy, a unit of Japanese conglomerate Hitachi said last week that a ransomware attack by the "CL0P" group on GoAnywhere could have resulted in unauthorized access to employee data in some countries.

Last month, Community Health Systems in a U.S. exchange filing confirmed that the personal and medical information of about one million individuals may have been impacted due to a security breach experienced by Fortra.

Fortra did not immediately respond to a Reuters request for comment.

File-sharing software has historically been a target for cybercriminals. Back in 2021, vulnerabilities in the servers of California-based Accellion were exploited by the CL0P group, leading to data breaches in Morgan Stanley , Kroger Co , the Reserve Bank of New Zealand, and other high-profile institutions.

Rio Tinto has not said who is responsible for the latest cyber-attacks.

Rio's shares in London were down 1.6% at 1013 GMT.

(Reporting by Harish Sridharan and Sameer Manekar in Bengaluru; Editing by Sherry Jacob-Phillips, Eileen Soreng an Dhanya Ann Thoppil)

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!


Next In Tech News

France to provide 2.9 billion euros in aid for new STMicro/GlobalFoundries factory
Apple expected to reveal mixed-reality headset at developer conference
Exclusive-Musk's Neuralink valued at about $5 billion despite long road to market
AI generated content should be labelled, EU Commissioner Jourova says
Exclusive-Crypto giant Binance controlled ‘independent’ U.S. affiliate’s bank accounts
Foxconn's May sales drop 9.5% y/y on smartphone weakness
Edward Snowden leaks at 10 years: More data more controls
Woman’s body found burning after she left for Facebook Marketplace meetup, US cops say
From trash to cash: Chinese blogger shows how to find money in wealthy areas in HK
Human extinction threat 'overblown' says AI sage Marcus

Others Also Read