Cyber Incident Victim: Goldcorp
Date:
Apr 2016
Location:
Canada
Summary
A Canadian gold-mining firm suffered a cyberattack resulting in unauthorized access and public release of sensitive data, including employee personal information, financial records, proprietary documents, and internal IT procedures. The organization confirmed the network compromise, initiated an investigation with external security experts, notified authorities, and implemented enhanced security measures to address the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 26, 2021, hackers publicly claimed to have “badly hacked” Goldcorp, a Vancouver-based gold-mining company, and released a 14.8 GB uncompressed data dump containing sensitive corporate and employee information. The attackers posted sample data and a torrent download link on a public paste site, with samples including employee performance and compensation correspondence from 2013-2014, undated bank account details, 2016 budget documents, international contact lists, and employee directories containing names, titles, office locations, mobile numbers, and email addresses. Additional compromised materials included network configuration details, VMware recovery procedures, and an expired passport scan of a Goldcorp executive, which matched his LinkedIn profile. The hackers asserted the full dump contained payroll records (T4s, W2s), corporate contracts, wire transfer records, marketable securities data, budget documents spanning 2012-2016, employee login credentials, IT disaster recovery protocols, SAP data, treasury reports, and passport scans. The Daily Dot verified the authenticity of employee names and titles against current staff records and confirmed the passport’s legitimacy through cross-referencing. Hackers threatened subsequent releases of 14 months of company emails containing alleged corporate misconduct, including racism, sexism, and greed.
Goldcorp initially declined to confirm the breach when contacted by the Daily Dot on May 25 but acknowledged the network compromise after further investigation. The company issued a formal statement confirming unauthorized access and engaged its internal IT security team alongside external cybersecurity firms to assess the incident’s scope. Goldcorp notified law enforcement, implemented immediate preventative modifications to IT processes, and enhanced network security protocols. The breach exposed extensive operational and financial data, including proprietary information, employee personally identifiable information (PII), and critical infrastructure recovery procedures, creating significant reputational and operational risks. The company committed to informing affected employees but did not disclose the number impacted or specific mitigation measures for individuals. The data’s public availability via torrent raised concerns about long-term exploitation risks for identity theft, corporate espionage, and potential phishing campaigns targeting Goldcorp’s international contacts and partners.