Search Results : detour gold

Jun 302015
 

Rachelle Younglai reports:

Detour Gold Corp. is reaching out to former and current employees to tell them that their personal information may have been compromised due to a cyber attack.

Detour, which operates one gold mine in Ontario, did not say when its server was hacked or how many employees have been affected by the security breach.

[…]

As far back as April, the website databreaches.net had warned Detour that its system had been compromised, exposing confidential data such as employees’ social insurance numbers and information on Detour’s deals.

Read more on The Globe and Mail.

The following is the full text of Detour Gold’s press release, which appears on their web site:

TORONTO, ONTARIO–(Marketwired – June 30, 2015) – Detour Gold Corporation (TSX:DGC) (“Detour Gold” or the “Company”) has been the subject of an illegal breach of its IT systems which has resulted in confidential information, including company and personnel information, being accessed and disclosed by hackers.

The Company has determined that the stolen information includes personal information of Detour Gold’s employees (current and former) as well as of individuals to whom Detour Gold made a formal offer of employment.

External and internal IT experts are continuing to assess the risks of further illegal access to Detour Gold’s systems and are taking steps to eliminate such risks. We are also continuing to investigate the source of the breach and are in contact with the police and federal authorities who are assisting the Company. We are also taking steps to reduce the risk of further confidential information being accessed by establishing additional safeguards within our systems. 

Our highest priority, and the primary reason for issuance of this news release, is to help those people whose personal information was compromised to protect themselves against the unauthorized use of their personal information. We are in the process of contacting former employees and individuals who received offers of employment from Detour Gold who may have provided personal information to us in that context. While we are endeavoring to contact all people affected by this, if you fall within one of these groups and have not yet been contacted by Detour Gold, please contact us immediately in order to receive identity theft monitoring services which the Company is making available through a third party service provider. You can reach us via:

Telephone access:

  • Toll-free (North America): 1-855-870-8647
  • Cochrane, Ontario: 647-847-2089, ext. 4367

Email: [email protected]

Jun 242015
 

Since April, DataBreaches.net has been reporting on the hack of a small Canadian gold-mining firm, Detour Gold. As noted in April, hackers who call themselves Angels_of_Truth claim to have hacked Detour Gold in revenge for Canada’s economic sanctions on Russia. Their statements have been written in both English and Russian.

Following the first paste and dump, the hackers contacted DataBreaches.net in May, and again this past week, to point this site to additional data dumps that indicate that the hackers had (and appear to still have) access to Detour Gold’s system.

Consistent with this site’s policy of not directly linking to data dumps that include personal information, DataBreaches.net did not publish the urls for the data dumps and pastes. That information has begun to circulate anyway, however, which means that Detour Gold employees are now at even greater risk of identity theft and the company’s corporate information and accounts are more widely available to those who might misuse the information.  As but one example, one of the files the hackers sent to this site included all credit card details on a corporate credit card used by  the firm’s CEO. The authorization form  included images of the front and back of the credit card, his signature, and a photocopy of his driver’s license with his date of birth and all other details. The credit card number is not an expired number unless Detour Gold has since cancelled it.

Lee J. of CyberWarNews.info has analyzed the 18 GB dump of Detour Gold corporate and employee information and has uploaded his analysis here.

Note the wealth of employee information, most of which was not encrypted. Lee  reports that information was available on a total of 1,312 on-site and off-site employees,  with credentials sorted into folders with insurance, health and driver’s license details. Of these 1,312 employees, 1,161 were current employees, 127 were terminated employees, 70 were individuals who had been offered employment but had not accepted the offer, and 22 were on pending position offers. Information on the employees includes:

  •  Background checks
  •  Declaration of criminal record documents
  •  Criminal information centre documents
  • Social Insurance numbers, Health card Numbers, Driver’s License Numbers, Full names,
  • Dates of birth, signatures, emails, phones, home addresses, background history from
  • Very detailed resumes, banking information and related payroll information.
  • Employment conditions, offers, terms and information such as salaries and duties.
  • Interview notes, this includes full copies of the application
  • Reference check forms used as a checklist of what to ask and the answers given.
  • Fitness to work assessments
  • Students’ details from “summer employment offers” which include full names, dates of birth, home addresses, study information as well as above already mentioned information

There were 1,049 unique Social Insurance Numbers for the entire data dump.

In other words, more than enough information to accomplish identity theft.

In addition to the risk of identity theft, detailed documents concerning the termination of employment reveal transgressions by named employees that they might not wish to see in the public domain.

And of course, this is all apart from the company’s proprietary information that has also now been dumped for the public.

When asked about the lack of encryption, Lee informed DataBreaches.net:

My analysis found that at least 98% of the material was unencrypted.
Some payroll information is protected, but I suspect that it would be
relatively easy to crack the protection.

Detour Gold has stored a lot of clear text credentials in very obvious
files, which makes it very understandable how a breach of this
magnitude has happened.

But who are the Angels_Of_Truth? Are they really Russian hackers?  It’s hard to believe that Russian hackers would target such a small firm instead of a government agency or larger corporation if they want to make a political point. Attempts to reach the hackers using an email address that had worked in the past failed to reach them yesterday. Hopefully, if they see this post, they will get in touch with this site.

Jun 222015
 

If you’ve been employed by Detour Gold at any time since 2007, your personal information may already have been acquired and dumped by Russian hackers – including your name, date of birth, salary information, employment details, and Social Insurance Number.  And if your employment history included any medical, disability, or disciplinary records, they may be exposed on the Internet now, too.

On April 21, and again on May 3, this site reported that  Detour Gold Corporation  (TSX: DGC) appeared to have been massively hacked with corporate and employee information dumped. In response to the hackers’ claims that they still had access to Detour Gold’s databases, Detour Gold’s IT Manager, Reza Alirezaei, had informed DataBreaches.net, “We are monitoring our network perimeters with the monitoring tools we have and we don’t see any suspecious activities.”

Perhaps they can see it now.

The hackers, who call themselves the Angels_Of_Truth, have dumped even more data. Inspection of what they sent DataBreaches.net indicates that the data dump includes employee information that was generated after the April 21st  date of their first dump – and includes files dated as recently as May 20, 2015, supporting their claim that they have had ongoing access to Detour Gold’s system.

The hackers write:

Detour Gold seems to remain oblivious to the fact their computer network and all the personal customer / employee data as well as sensitive corporate data has been compromised. The network remains up online and all the data still unencrypted and available for all to see.

We have taken over 100 Gigs of data from the Detour Gold computer network covering from 2007 – present day, yet again we have decided to leak more data, 18 Gigs of raw copies of some of the compromised documents are available via torrent download located here:

[url redacted by DataBreaches.net as per this site’s policy concerning claimed data dumps that include personal information]

the Angels_Of_Truth continue to maintain access to the Detour Gold network, even after we have already leaked data on two seperate occasions, this is our 3rd and largest data leak yet, with more to follow.

As long as economic sanctions persist on Russia so will cyber attacks on the Canadian economic sector. (we included some SIN numbers at the bottom of the paste)

So far, there doesn’t seem to be any impact on economic sanctions, but this appears to be one of the worst, if not the worst, hacks of a Canadian corporation.

According to the hackers, data available in the torrent includes:

  • employee/customer personal information, phone numbers, emails, mailing addresses
  • employee/customer termination reports
  • employee salary information bonus information and severance packages
  • employee/customer SINS, scans of driver licenses birth certificates health cards
  • contractors confidential deals
  • Donations, political party donations
  • credit card numbers, statements and transactions
  • medical records, drug tests etc
  • employee stock options
  • IT rapid7 vulnerability reports
  • legal documents
  • invoices of expenses
  • employee performance reviews
  • employee T4’s and other tax documents
    and much more

Inspection of what they submitted to DataBreaches.net appears to confirm their description. The Rapid7 audit report was generated April 26, 2015, and a copy of a political donation check reveals Detour Gold’s bank routing number and account number. A paste describing the data dump contains 37 Social Insurance Numbers of employees/customers.

None of the data are encrypted.

As noted above, Detour Gold stated on May 3 that they did not see any evidence the hackers still had access, but yesterday’s data dump includes more recent material such as the following employee termination letter, which is being redacted by DataBreaches.net to delete the employee’s details:

Registered and Electronic Mail

May 20, 2015
Confidential

[First Name and Last Name Redacted]
[Postal Address Redacted]
Thunder Bay, ON
P7C 5Z2
[redacted]@hotmail.com

Dear [Redacted]:

This letter serves to confirm your discussion with Larry Lazeski – Mine Operations Superintendent on May 20, 2015, advising you that your employment with Detour Gold is terminated effective immediately.

In this regard, we are providing the following arrangement:

[…]

[Redacted], we wish you well in your future endeavours.

Sincerely,

Craig Rintoul
Open Pit Manager

A letter to the same employee dated May 19, 2015 from Rintoul began:

Dear [redacted]

We attempted to contact you multiple times on May 15, 16, 17, 18 and 19 to discuss your employment status, however unfortunately we were unable to reach you. This letter will confirm our decision to terminate your employment effective May 19, 2015. The decision to do so comes after a thorough consideration of your employment history and recent serious safety incident.

In this regard, we are providing the following arrangement:

Detour Gold had notified the Privacy Commissioner of Canada and affected employees after the earlier reports. They had also involved the Canadian Incident Response Center, and were reportedly working with several security advisors to resolve the issue.

DataBreaches.net emailed Detour Gold yesterday to ask for a statement about the latest data dump and what appears to be ongoing access to their network. They were not aware of the paste or the data dump until this site notified them, and said they would have Human Resources confirm or deny the authenticity of the employee termination letter.

As of the time of this publication, they reneged on their statement that they would confirm or deny the authenticity of the exposed termination letter and sent only the following statement: “We are reviewing the matter and taking appropriate actions.”

DataBreaches.net has reached out to the employee whose termination letter was exposed to ask for his reaction and will update this post as more information becomes available, but it seems clear Detour Gold has an ongoing and very serious problem.

May 032015
 

I had told Detour Gold to keep an eye out for future data dumps when I spoke with them weeks ago to notify them that they had been hacked, and I wasn’t surprised to receive an email last night from someone pointing me to a new data dump.

The data dump includes personal information on employees as well as login credentials, corporate information and server information. As is this site’s policy, I’m not linking to the data dump because of the personal information involved.

Of additional concern, the hackers claimed that they still have access:

Detour Gold has still failed to protect its data and the data of its customers and employees, even after releasing a data dump of sensitive corporate material we still maintain access to Detour Gold’s computer network and all the data contained within.

Much of the data dumped last night could have been part of the original hack, as I’m not really seeing anything dated after the last dump.

DataBreaches.net sent a courtesy notification to Detour Gold’s IT Manager this morning to alert them, as the paste was still up when I checked. I just received a reply from him that they were already aware of the new data dump and were working to get it removed.  He noted that “It’s pretty much the same data that was dumped before plus a few new pictures.”

In response to my inquiry about the hackers’ claims that they still had full access, he replied, “We are monitoring our network perimeters with the monitoring tools we have and we don’t see any suspecious activities.”

According to the IT Manager, Detour Gold had notified everyone whose personal information was exposed in the last data dump, and had notified the Privacy Commissioner, involved the Canadian Incident Response Center, and were also working with several security advisors to resolve the issue.

So that’s where things stand right now. If the hackers have any proof that they still have access that they can send me, I’ll try to follow up.

 

Apr 212015
 

It looks like Detour Gold Corporation  (TSX: DGC) was massively hacked.

In a paste by “Angel_of_Truth,” the hackers explain their motivation in both Russian and then English:

This attack on a Canadian company is retribution for Canada’s sanctions on Russia,
And the ongoing efforts to undermine Russia by the West.
Below is some of the data that was stolen out of Detour Golds (DGC:TSX) computer network,
Detour Golds entire computer network was under Russian control for over 2 years.
We have decided to release some of the hacked data with more to come in the near future, todays post includes:
Employee Data
Radio Data
Incident Reports & Gold Shipments
Supervisors Personal Data

These attacks will continue until Canada stops being a slave for the United States

And yes, they dumped a lot of data, including disciplinary reports on named employees, medical complaints, and other personal information. Because personal data is involved, DataBreaches.net is not linking to the data dump or providing examples.

DataBreaches.net attempted to contact Detour Gold to ensure that they are aware of the hack and that personal and corporate data have been exposed.

After 20 minutes of not being able to reach anyone through their web site information for contacts and wondering whether their Media contact would even see my email before tomorrow, I finally smacked myself in the head and consulted the hacked data to get a name and phone number to call.

So yes, if they didn’t know before, at least one executive now knows and will be forwarding an email with details to their IT security.

Update: Their IT Security Department called me to tell me they received my message and are looking into it.