A group of hackers think they may have struck gold when they went after Goldcorp, a gold-mining firm in Vancouver. The metaphorical riches plundered come in the form of company and employee information, making up around 14.8 GB worth of data, including banking information, payroll information, and even employee passport scans.

The Daily Dot reports the document of stolen data, posted to a public paste site, contains information confirmed to belong to current Goldcorp employees.

This includes T4 and W2 forms, among other payroll information, which can be used for tax theft, as well as bank accounts, wire transfers, and marketable securities, which can be used to help access or steal from bank accounts. The document’s budget documents, contract agreements, treasury reports, and progress reports could all be used for insider trading, while the employee passports could help with identity theft. All in all, there’s a wide range of damages that could be inflicted with all the stolen information.

Just the Beginning

This is apparently the first of many data dumps, or so the hackers claim, stating that over a year’s worth of company emails will be revealed in the next one. In said emails, they claim one can find “some good old fashion corporate racism, sexism, and greed.” However, the hackers’ motivations are unknown, as are their methods for stealing the data.

Goldcorp is aware of the breach, and has issued a statement explaining that its network has been compromised. The company has alerted the authorities and is working with independent IT security firms to resolve the situation and improve the IT processes and network security protocols to prevent a similar attack from taking place.

Response and Damage Control

Following a breach of this size, a proper response is essential. Michael Bruemmer, Vice President of Experian Data Breach Resolution, offers a checklist of what to do in the “Data Breach Response Guide:” record all dates and times, alert and activate the response team, preserve evidence, stop additional data loss, document everything, interview those involved, review the protocols for breaches, assess risks and priorities, bring in a forensics firm, and notify law enforcement.

“Resolving a data breach requires a coordinated effort between your response team members, executives, external resources, law enforcement, forensic firm and data breach resolution vendor. Staying organized and documenting every step and decision should be a top priority. Act quickly to minimize the damage but don’t lose sight of your priorities or of the needs of affected individuals.”

This is a big blow to Goldcorp, with the potential to inflict a lot of damage. A fast response is essential to protect both the company and its employees, but there is already much recovery work to be done.

Photo by AJC ajcann.wordpress.com