Barrick Gold breach exposes thousands of Social Security numbers


Barrick Gold, the world’s second-largest gold mining company, is the latest victim of the MOVEit Transfer bug, which exposed the sensitive details of thousands of individuals.

Barrick opened the new year by contacting individuals whose data may have been exposed during a data breach last year.

According to the breach notification letter the company sent out to potential victims, Barrick was one of the many organizations affected by the MOVEit Transfer attacks. The company said that attackers roamed its MOVEit Transfer server from May 28th to June 2nd, 2023. Progress Software, the company behind MOVEit Transfer, issued a patch for the bug on May 31, 2023.

However, Barrick completed a review of the files involved in the attack on December 20th, which revealed that the files contained sensitive data of individuals as well as their Social Security numbers (SSNs). According to the company, 2,761 individuals were exposed in the attack.

Losing SSNs poses significant risks, as impersonators can use the stolen data in tandem with names and driver’s license numbers for identity theft.

While the recent breach notification, which Barrick submitted to the Maine Attorney General, doesn’t reveal whose data was exposed, an earlier submission to the Attorney General of Montana said sensitive consumer information may have been exposed in the attack.

Barrick Gold is an Ontario-headquartered mining company operating gold, copper, and other mines throughout the globe. The company registered revenues exceeding $11 billion in 2022.

Earlier this year, the Cl0p ransomware cartel exploited a zero-day bug in the MOVEit Transfer software, allowing attackers to access and download the stored data.

According to researchers at Emsisoft, over 2,700 organizations – mainly in the US – and over 93 million individuals have been impacted by MOVEit attacks by the Russia-linked ransomware cartel.

Taking IBM’s estimate, which puts the cost of an average data breach at $165 per leaked record, the impact of Cl0p attacks would add up to a staggering $15.4 billion.

