DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ca: Detour Gold data dump exposed over 1,300 employees’ details

Posted on June 24, 2015 by Dissent

Since April, DataBreaches.net has been reporting on the hack of a small Canadian gold-mining firm, Detour Gold. As noted in April, hackers who call themselves Angels_of_Truth claim to have hacked Detour Gold in revenge for Canada’s economic sanctions on Russia. Their statements have been written in both English and Russian.

Following the first paste and dump, the hackers contacted DataBreaches.net in May, and again this past week, to point this site to additional data dumps that indicate that the hackers had (and appear to still have) access to Detour Gold’s system.

Consistent with this site’s policy of not directly linking to data dumps that include personal information, DataBreaches.net did not publish the urls for the data dumps and pastes. That information has begun to circulate anyway, however, which means that Detour Gold employees are now at even greater risk of identity theft and the company’s corporate information and accounts are more widely available to those who might misuse the information.  As but one example, one of the files the hackers sent to this site included all credit card details on a corporate credit card used by  the firm’s CEO. The authorization form  included images of the front and back of the credit card, his signature, and a photocopy of his driver’s license with his date of birth and all other details. The credit card number is not an expired number unless Detour Gold has since cancelled it.

Lee J. of CyberWarNews.info has analyzed the 18 GB dump of Detour Gold corporate and employee information and has uploaded his analysis here.

Note the wealth of employee information, most of which was not encrypted. Lee  reports that information was available on a total of 1,312 on-site and off-site employees,  with credentials sorted into folders with insurance, health and driver’s license details. Of these 1,312 employees, 1,161 were current employees, 127 were terminated employees, 70 were individuals who had been offered employment but had not accepted the offer, and 22 were on pending position offers. Information on the employees includes:

  •  Background checks
  •  Declaration of criminal record documents
  •  Criminal information centre documents
  • Social Insurance numbers, Health card Numbers, Driver’s License Numbers, Full names,
  • Dates of birth, signatures, emails, phones, home addresses, background history from
  • Very detailed resumes, banking information and related payroll information.
  • Employment conditions, offers, terms and information such as salaries and duties.
  • Interview notes, this includes full copies of the application
  • Reference check forms used as a checklist of what to ask and the answers given.
  • Fitness to work assessments
  • Students’ details from “summer employment offers” which include full names, dates of birth, home addresses, study information as well as above already mentioned information

There were 1,049 unique Social Insurance Numbers for the entire data dump.

In other words, more than enough information to accomplish identity theft.

In addition to the risk of identity theft, detailed documents concerning the termination of employment reveal transgressions by named employees that they might not wish to see in the public domain.

And of course, this is all apart from the company’s proprietary information that has also now been dumped for the public.

When asked about the lack of encryption, Lee informed DataBreaches.net:

My analysis found that at least 98% of the material was unencrypted.
Some payroll information is protected, but I suspect that it would be
relatively easy to crack the protection.

Detour Gold has stored a lot of clear text credentials in very obvious
files, which makes it very understandable how a breach of this
magnitude has happened.

But who are the Angels_Of_Truth? Are they really Russian hackers?  It’s hard to believe that Russian hackers would target such a small firm instead of a government agency or larger corporation if they want to make a political point. Attempts to reach the hackers using an email address that had worked in the past failed to reach them yesterday. Hopefully, if they see this post, they will get in touch with this site.

Category: Breach IncidentsBusiness SectorCommentaries and AnalysesNon-U.S.Of Note

Post navigation

← Login creds for US agencies found scrawled on the web’s toilet walls
AU: ALP says PM may have aided ASIO breach →

3 thoughts on “Ca: Detour Gold data dump exposed over 1,300 employees’ details”

  1. Simple Moi says:
    June 24, 2015 at 12:09 pm

    Wow. All I can saw is, wow.

    Would love to hear Detour Gold’s side to this latest.

    I would love to hear the hacking groups side of this as well. That’s an amazing job of compromising an entire company (right down to security personnel time tables and security camera’s). I bet their story is full of lulz! 😉

  2. ffsimpisst says:
    June 25, 2015 at 3:42 pm

    Dear Angels of Truth…

    Thanks for putting more stress on the working man and his family. Want to make a statement, hit the guy at the top, not the one with the shovel.

  3. Another Detour Employee says:
    July 2, 2015 at 4:01 pm

    It’s sad that we all put our trust into this company to keep our information safe and to find out it was even encrypted….

    Pretty dissapointing…. thanks a lot Detour.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.