Cyber Incident Victim: Freeport-McMoRan
Date:
Aug 2023
Location:
United States of America
Summary
Freeport-McMoRan experienced a cybersecurity incident involving an external system breach that compromised personal information, including names and Social Security Numbers, of over 1,300 individuals. The company engaged third-party experts and law enforcement, noting limited initial production disruption but warning that prolonged issues could affect future operations. Transitional solutions were implemented to secure systems, while affected individuals received written notifications and offers of identity theft protection services. The incident coincided with a decline in the company's stock price following public disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 11, 2023, Freeport-McMoRan Inc. publicly disclosed a cybersecurity incident affecting its information systems, initiating an immediate investigation to assess the scope and operational consequences. The company engaged third-party cybersecurity experts and collaborated with law enforcement agencies to address the breach, implementing transitional solutions to secure compromised systems while minimizing disruptions. Initial assessments indicated limited immediate impact on production activities, with core mining and operational safety protocols remaining functional. Freeport-McMoRan emphasized proactive containment measures but cautioned stakeholders that prolonged system disruptions could impair future operational capabilities, particularly if recovery efforts extended beyond initial timelines. The incident prompted internal system evaluations across its Phoenix, Arizona headquarters and affiliated locations, though specific compromised systems or attack vectors were not detailed in public communications. Share prices declined 1.7% following the announcement, reflecting investor concerns about potential long-term operational and financial repercussions.
The breach exposed personally identifiable information for 1,327 individuals, including one Maine resident, with attackers acquiring names and Social Security Numbers through an external system intrusion. Freeport-McMoRan, represented by legal counsel Covington & Burling LLP, confirmed the breach’s occurrence and discovery dates as August 11, 2023, classifying the event as an external hacking incident. Affected individuals received written notifications by September 8, 2023, accompanied by 24 months of complimentary identity theft protection services administered by TransUnion. No evidence suggested immediate misuse of stolen data, though the company did not disclose whether ransomware or data exfiltration tactics were employed during the attack. Concurrently, operational technology systems maintained production continuity while IT teams prioritized restoring enterprise information systems, with updates directed to the company’s official website to inform stakeholders of recovery progress.