Canadian-based gold miner among the latest MOVEit data breach victims

One of the biggest gold and copper miners in the world is among the latest companies to be listed as victims of the vulnerability in Progress Sofware’s MOVEit file transfer platform, according to a cybersecurity researcher.

Brett Callow, Canadian-based threat researcher for Emsisoft, tweeted today that Barrick Gold Corp. of Toronto has been listed by the Clop/Cl0p ransomware and data theft gang as being among the companies it hit.

Neither Barrick’s CEO nor its press spokesperson have responded to requests for comment by press time. This story will be updated when they reply.

Two other victims were listed by Clop today, making the total number of publicly-reported victim organizations 193, according to Callow. It isn’t known how many of them paid to prevent their stolen data from being leaked either publicly or to other crooks.

Barrick, which says it is the largest gold producer in the U.S., posted net earnings of US$432 million on US$5.6 billion in sales in its last fiscal year, through its 15 gold and three copper mines in 12 countries.

The other organizations listed as victims today by Clop are Texas Dow Employees Credit Union and the Texas-based United Regional Health Care System.

Also today, Progress Software said that in response to customer demand for a regular update schedule, its MOVEit team has formalized a regular Service Pack program for all MOVEit products. “We expect to release a new Service Pack approximately every two months going forward,” the company said. “All details on major releases, service packs, including today’s release, and hot fixes can be found in the MOVEit Product Hub.

The first Service Pack is now available, and includes product and security fixes for supported versions of MOVEit Transfer. The Service Pack has also been applied to MOVEit Cloud. MOVEit Automation will be included in future Service Pack releases. Today’s release includes improvements to the MOVEit Transfer database, optimization of the installer, and fixes for three new CVEs.

A wide range of companies that either use MOVEit internally or through a service provider have acknowledged being victims. They include:

–the Metro Vancouver Transit Police department. The agency said this week 186 of its files were copied. That is a “limited number” of its files, the agency added. There were no details about what was in the files;

— Oregon’s Department of Transportation, which said data on 3.5 million residents of the state was copied. It can’t say specifically what was copied, but those with active Oregon ID or drivers’ licences should assume related information was involved;

–Louisiana’s Office of Motor Vehicles, which said all residents with a state-issued driver’s licence, ID or car registration had personal data copied. That includes their names, addresses, Social Security numbers;

the New York City public school system, which said personal data of more than 45,000 students and staff were copied.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs