Australian Cyber Attack, 23 March 2023

Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software

Stolen data possibly includes payslips, overpayment letters

Company Statement: Frontier Software cyber attack and data breach – Frequently asked questions
Source: Incident: Rio Tinto says staff’s personal data may have been hacked in memo after an attack on GoAnywhere software | ABC News (Australia)

View more incidents from the Mining and Resources sector.

Rio Tinto says the personal data of some past and present Australian staff may have been stolen as part of a criminal cyberattack of a supplier to the mining giant.

Rio told employees on Thursday that payroll information like payslips for a small number of staff had possibly, but not certainly, been seized by the “cybercriminal group” behind a hack of data transfer tool GoAnywhere.

The cybercriminal group threatened to release the data onto the dark web and investigations into the incident were ongoing, the mining giant said.

As GoAnywhere is a cloud-based vendor, there is no operational impact or risk to the Rio Tinto network, the memo said.

A host of global firms and government institutions have reported cybersecurity incidents linked to GoAnywhere over the past few weeks.