DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

EXCLUSIVE: Russian hackers claim they still own Detour Gold, dump more data

Posted on June 22, 2015 by Dissent

Update and Correction: The hacker(s) is/are likely not Russian, but Canadian.


If you’ve been employed by Detour Gold at any time since 2007, your personal information may already have been acquired and dumped by Russian hackers – including your name, date of birth, salary information, employment details, and Social Insurance Number.  And if your employment history included any medical, disability, or disciplinary records, they may be exposed on the Internet now, too.

On April 21, and again on May 3, this site reported that  Detour Gold Corporation  (TSX: DGC) appeared to have been massively hacked with corporate and employee information dumped. In response to the hackers’ claims that they still had access to Detour Gold’s databases, Detour Gold’s IT Manager, Reza Alirezaei, had informed DataBreaches.net, “We are monitoring our network perimeters with the monitoring tools we have and we don’t see any suspecious activities.”

Perhaps they can see it now.

The hackers, who call themselves the Angels_Of_Truth, have dumped even more data. Inspection of what they sent DataBreaches.net indicates that the data dump includes employee information that was generated after the April 21st  date of their first dump – and includes files dated as recently as May 20, 2015, supporting their claim that they have had ongoing access to Detour Gold’s system.

The hackers write:

Detour Gold seems to remain oblivious to the fact their computer network and all the personal customer / employee data as well as sensitive corporate data has been compromised. The network remains up online and all the data still unencrypted and available for all to see.

We have taken over 100 Gigs of data from the Detour Gold computer network covering from 2007 – present day, yet again we have decided to leak more data, 18 Gigs of raw copies of some of the compromised documents are available via torrent download located here:

[url redacted by DataBreaches.net as per this site’s policy concerning claimed data dumps that include personal information]

the Angels_Of_Truth continue to maintain access to the Detour Gold network, even after we have already leaked data on two seperate occasions, this is our 3rd and largest data leak yet, with more to follow.

As long as economic sanctions persist on Russia so will cyber attacks on the Canadian economic sector. (we included some SIN numbers at the bottom of the paste)

So far, there doesn’t seem to be any impact on economic sanctions, but this appears to be one of the worst, if not the worst, hacks of a Canadian corporation.

According to the hackers, data available in the torrent includes:

  • employee/customer personal information, phone numbers, emails, mailing addresses
  • employee/customer termination reports
  • employee salary information bonus information and severance packages
  • employee/customer SINS, scans of driver licenses birth certificates health cards
  • contractors confidential deals
  • Donations, political party donations
  • credit card numbers, statements and transactions
  • medical records, drug tests etc
  • employee stock options
  • IT rapid7 vulnerability reports
  • legal documents
  • invoices of expenses
  • employee performance reviews
  • employee T4’s and other tax documents
    and much more

Inspection of what they submitted to DataBreaches.net appears to confirm their description. The Rapid7 audit report was generated April 26, 2015, and a copy of a political donation check reveals Detour Gold’s bank routing number and account number. A paste describing the data dump contains 37 Social Insurance Numbers of employees/customers.

None of the data are encrypted.

As noted above, Detour Gold stated on May 3 that they did not see any evidence the hackers still had access, but yesterday’s data dump includes more recent material such as the following employee termination letter, which is being redacted by DataBreaches.net to delete the employee’s details:

Registered and Electronic Mail

May 20, 2015
Confidential

[First Name and Last Name Redacted]
[Postal Address Redacted]
Thunder Bay, ON
P7C 5Z2
[redacted]@hotmail.com

Dear [Redacted]:

This letter serves to confirm your discussion with Larry Lazeski – Mine Operations Superintendent on May 20, 2015, advising you that your employment with Detour Gold is terminated effective immediately.

In this regard, we are providing the following arrangement:

[…]

[Redacted], we wish you well in your future endeavours.

Sincerely,

Craig Rintoul
Open Pit Manager

A letter to the same employee dated May 19, 2015 from Rintoul began:

Dear [redacted]

We attempted to contact you multiple times on May 15, 16, 17, 18 and 19 to discuss your employment status, however unfortunately we were unable to reach you. This letter will confirm our decision to terminate your employment effective May 19, 2015. The decision to do so comes after a thorough consideration of your employment history and recent serious safety incident.

In this regard, we are providing the following arrangement:

Detour Gold had notified the Privacy Commissioner of Canada and affected employees after the earlier reports. They had also involved the Canadian Incident Response Center, and were reportedly working with several security advisors to resolve the issue.

DataBreaches.net emailed Detour Gold yesterday to ask for a statement about the latest data dump and what appears to be ongoing access to their network. They were not aware of the paste or the data dump until this site notified them, and said they would have Human Resources confirm or deny the authenticity of the employee termination letter.

As of the time of this publication, they reneged on their statement that they would confirm or deny the authenticity of the exposed termination letter and sent only the following statement: “We are reviewing the matter and taking appropriate actions.”

DataBreaches.net has reached out to the employee whose termination letter was exposed to ask for his reaction and will update this post as more information becomes available, but it seems clear Detour Gold has an ongoing and very serious problem.

Category: Business SectorExposureHackNon-U.S.Of Note

Post navigation

← IE: Free GP care registration site suffers data breach
MS: State alerts school district that it’s exposing personal and sensitive student information →

4 thoughts on “EXCLUSIVE: Russian hackers claim they still own Detour Gold, dump more data”

  1. Simple Moi says:
    June 22, 2015 at 12:31 pm

    Aside from the obvious stated above, one thing caught my attention when I looked at their “current job opportunities” in relation to the privacy policy, it states:

    “The Company collects information volunteered by you”

    Is that supposed to be some sort of disclaimer for responsibility/accountability? As in, “you should have known better”?

    Then:
    “Detour Gold takes reasonable security measures to protect personal information from loss, unauthorized access, destruction, misuse, modification and disclosure. Detour Gold treats the information with a high degree of regard and awareness for the private nature of the data. Our primary objective is to maintain the integrity and security of the data. Detour Gold cannot guarantee secure transmission over the internet.”

    Well, let’s not go there.

    Then:
    The Detour Gold employee who is responsible for maintaining the privacy of information collected via the website interface, can be reached at
    [email protected]. Any questions or complaints about Detour Gold’s collection, use or disclosure of personal information through this website should be made to that individual.

    A website only privacy officer? What about the CV’s submitted to them based on the website? Where is the company privacy officer? How can they be reached?

    Is it just me or does anyone else find the privacy policy lacking?

    Has any CV/resume info been dumped?

  2. Igor says:
    June 22, 2015 at 12:58 pm

    lol three separate data dumps and they still have access? IT security fail Detour Gold

  3. Anonymous says:
    June 25, 2015 at 11:20 pm

    Its Really upsetting. Not only for employees but also for the employees families as well.

  4. Detour Employee says:
    June 27, 2015 at 10:25 pm

    Detour always seems to cheap out on the important things that keep a mine alive a running.
    Now all of our info is available to anybody that has access to the internet. We never even got a sorry.
    We will now and forever be and easy victim of cyber crime and identity theft.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.