Barrick Gold, the world’s second-largest gold mining company, has fallen victim to the MOVEit Transfer bug, resulting in the exposure of sensitive details for thousands of individuals. The company confirmed the data breach, stating that attackers infiltrated its MOVEit Transfer server from May 28th to June 2nd, 2023.
Although Barrick initiated a review on December 20th, the extent of the exposure only became clear recently, revealing that the compromised files contained personal data, including Social Security numbers, affecting 2,761 individuals. The breach raises concerns about identity theft risks associated with the stolen information.
The breach notification letter sent by Barrick Gold to potential victims indicates that the MOVEit Transfer attack, attributed to the Cl0p ransomware cartel, impacted the company. Earlier this year, the Cl0p cartel exploited a zero-day vulnerability in the MOVEit Transfer software, enabling unauthorized access to stored data.
Emsisoft researchers report that over 2,700 organizations, primarily in the US, and over 93 million individuals have been affected by MOVEit attacks orchestrated by the Russia-linked ransomware cartel. This incident adds to the substantial financial impact of Cl0p attacks, estimated at a staggering $15.4 billion based on IBM’s average data breach cost estimate of $165 per leaked record.
The recent data breach notification submitted by Barrick Gold to the Maine Attorney General did not disclose whose data was compromised. However, an earlier submission to the Attorney General of Montana suggested that sensitive consumer information might have been exposed. Barrick Gold, headquartered in Ontario, operates gold, copper, and other mines globally, reporting revenues exceeding $11 billion in 2022. The incident highlights the persistent threats posed by cybercriminals, particularly those leveraging ransomware attacks, and underscores the broader implications for organizations and individuals in the face of escalating cyber threats.