Personal details of former and current Australian employees of Rio Tinto Ltd could have been stolen by a group of cybercriminals, says a staff memo seen by Reuters.
Payroll information, such as pay stubs and overpayment letters, for a small number of employees from January 2023 had possibly been seized by the group, the memo showed.
“Investigations now indicate the possibility that Rio Tinto’s data could be affected,” it said.
The cybercriminal group has threatened to publish the data on the dark web while investigations into the incident continue, the Anglo-Australian mining giant said.
“To date, none of the records described above have been released and we do not yet know whether or not the cybercriminal group owns these records.”
The stolen data relates to an attack on GoAnywhere, managed file transfer (MFT) software offered by US cybersecurity firm Fortra.
A large number of global companies and government institutions have reported cybersecurity incidents related to GoAnywhere MFT in recent weeks.
Hitachi Energy, a unit of Japanese conglomerate Hitachi, said last week that a ransomware attack by the “CL0P” group on GoAnywhere could have resulted in unauthorized access to employee data in some countries.
Last month, Community Health Systems in a US exchange filing confirmed that the personal and medical information of approximately one million people may have been affected due to a security breach experienced by Fortra.
Fortra did not immediately respond to a Reuters request for comment.
Historically, file-sharing software has been a target for cybercriminals.
In 2021, the CL0P group exploited vulnerabilities in California-based Accellion’s servers, leading to data breaches at Morgan Stanley, Kroger Co, the Reserve Bank of New Zealand, and other high-profile institutions.
Rio Tinto has not said who is responsible for the latest cyberattacks.
Rio shares in London were down 1.6 percent at 1013 GMT.