DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

EXCLUSIVE: Russian hackers claim they still own Detour Gold, dump more data

Posted on June 22, 2015 by Dissent

Update and Correction: The hacker(s) is/are likely not Russian, but Canadian.


If you’ve been employed by Detour Gold at any time since 2007, your personal information may already have been acquired and dumped by Russian hackers – including your name, date of birth, salary information, employment details, and Social Insurance Number.  And if your employment history included any medical, disability, or disciplinary records, they may be exposed on the Internet now, too.

On April 21, and again on May 3, this site reported that  Detour Gold Corporation  (TSX: DGC) appeared to have been massively hacked with corporate and employee information dumped. In response to the hackers’ claims that they still had access to Detour Gold’s databases, Detour Gold’s IT Manager, Reza Alirezaei, had informed DataBreaches.net, “We are monitoring our network perimeters with the monitoring tools we have and we don’t see any suspecious activities.”

Perhaps they can see it now.

The hackers, who call themselves the Angels_Of_Truth, have dumped even more data. Inspection of what they sent DataBreaches.net indicates that the data dump includes employee information that was generated after the April 21st  date of their first dump – and includes files dated as recently as May 20, 2015, supporting their claim that they have had ongoing access to Detour Gold’s system.

The hackers write:

Detour Gold seems to remain oblivious to the fact their computer network and all the personal customer / employee data as well as sensitive corporate data has been compromised. The network remains up online and all the data still unencrypted and available for all to see.

We have taken over 100 Gigs of data from the Detour Gold computer network covering from 2007 – present day, yet again we have decided to leak more data, 18 Gigs of raw copies of some of the compromised documents are available via torrent download located here:

[url redacted by DataBreaches.net as per this site’s policy concerning claimed data dumps that include personal information]

the Angels_Of_Truth continue to maintain access to the Detour Gold network, even after we have already leaked data on two seperate occasions, this is our 3rd and largest data leak yet, with more to follow.

As long as economic sanctions persist on Russia so will cyber attacks on the Canadian economic sector. (we included some SIN numbers at the bottom of the paste)

So far, there doesn’t seem to be any impact on economic sanctions, but this appears to be one of the worst, if not the worst, hacks of a Canadian corporation.

According to the hackers, data available in the torrent includes:

  • employee/customer personal information, phone numbers, emails, mailing addresses
  • employee/customer termination reports
  • employee salary information bonus information and severance packages
  • employee/customer SINS, scans of driver licenses birth certificates health cards
  • contractors confidential deals
  • Donations, political party donations
  • credit card numbers, statements and transactions
  • medical records, drug tests etc
  • employee stock options
  • IT rapid7 vulnerability reports
  • legal documents
  • invoices of expenses
  • employee performance reviews
  • employee T4’s and other tax documents
    and much more

Inspection of what they submitted to DataBreaches.net appears to confirm their description. The Rapid7 audit report was generated April 26, 2015, and a copy of a political donation check reveals Detour Gold’s bank routing number and account number. A paste describing the data dump contains 37 Social Insurance Numbers of employees/customers.

None of the data are encrypted.

As noted above, Detour Gold stated on May 3 that they did not see any evidence the hackers still had access, but yesterday’s data dump includes more recent material such as the following employee termination letter, which is being redacted by DataBreaches.net to delete the employee’s details:

Registered and Electronic Mail

May 20, 2015
Confidential

[First Name and Last Name Redacted]
[Postal Address Redacted]
Thunder Bay, ON
P7C 5Z2
[redacted]@hotmail.com

Dear [Redacted]:

This letter serves to confirm your discussion with Larry Lazeski – Mine Operations Superintendent on May 20, 2015, advising you that your employment with Detour Gold is terminated effective immediately.

In this regard, we are providing the following arrangement:

[…]

[Redacted], we wish you well in your future endeavours.

Sincerely,

Craig Rintoul
Open Pit Manager

A letter to the same employee dated May 19, 2015 from Rintoul began:

Dear [redacted]

We attempted to contact you multiple times on May 15, 16, 17, 18 and 19 to discuss your employment status, however unfortunately we were unable to reach you. This letter will confirm our decision to terminate your employment effective May 19, 2015. The decision to do so comes after a thorough consideration of your employment history and recent serious safety incident.

In this regard, we are providing the following arrangement:

Detour Gold had notified the Privacy Commissioner of Canada and affected employees after the earlier reports. They had also involved the Canadian Incident Response Center, and were reportedly working with several security advisors to resolve the issue.

DataBreaches.net emailed Detour Gold yesterday to ask for a statement about the latest data dump and what appears to be ongoing access to their network. They were not aware of the paste or the data dump until this site notified them, and said they would have Human Resources confirm or deny the authenticity of the employee termination letter.

As of the time of this publication, they reneged on their statement that they would confirm or deny the authenticity of the exposed termination letter and sent only the following statement: “We are reviewing the matter and taking appropriate actions.”

DataBreaches.net has reached out to the employee whose termination letter was exposed to ask for his reaction and will update this post as more information becomes available, but it seems clear Detour Gold has an ongoing and very serious problem.

Category: Business SectorExposureHackNon-U.S.Of Note

Post navigation

← IE: Free GP care registration site suffers data breach
MS: State alerts school district that it’s exposing personal and sensitive student information →

4 thoughts on “EXCLUSIVE: Russian hackers claim they still own Detour Gold, dump more data”

  1. Simple Moi says:
    June 22, 2015 at 12:31 pm

    Aside from the obvious stated above, one thing caught my attention when I looked at their “current job opportunities” in relation to the privacy policy, it states:

    “The Company collects information volunteered by you”

    Is that supposed to be some sort of disclaimer for responsibility/accountability? As in, “you should have known better”?

    Then:
    “Detour Gold takes reasonable security measures to protect personal information from loss, unauthorized access, destruction, misuse, modification and disclosure. Detour Gold treats the information with a high degree of regard and awareness for the private nature of the data. Our primary objective is to maintain the integrity and security of the data. Detour Gold cannot guarantee secure transmission over the internet.”

    Well, let’s not go there.

    Then:
    The Detour Gold employee who is responsible for maintaining the privacy of information collected via the website interface, can be reached at
    [email protected]. Any questions or complaints about Detour Gold’s collection, use or disclosure of personal information through this website should be made to that individual.

    A website only privacy officer? What about the CV’s submitted to them based on the website? Where is the company privacy officer? How can they be reached?

    Is it just me or does anyone else find the privacy policy lacking?

    Has any CV/resume info been dumped?

  2. Igor says:
    June 22, 2015 at 12:58 pm

    lol three separate data dumps and they still have access? IT security fail Detour Gold

  3. Anonymous says:
    June 25, 2015 at 11:20 pm

    Its Really upsetting. Not only for employees but also for the employees families as well.

  4. Detour Employee says:
    June 27, 2015 at 10:25 pm

    Detour always seems to cheap out on the important things that keep a mine alive a running.
    Now all of our info is available to anybody that has access to the internet. We never even got a sorry.
    We will now and forever be and easy victim of cyber crime and identity theft.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.