Cyber Daily


Rio Tinto staff in Australia may have been affected by data breach

Anglo-Australian mining giant Rio Tinto has warned Australian staff via an internal memo that their data may have been affected by a recent data breach.

David Hollingworth
Mon, 27 Mar 2023

The hack may have affected payroll information, including overpayment details and payslips.

Media outlets started reporting the dissemination of the memo late last week, but the hack could date back to at least 17 March, when the ThreatMon Ransomware Monitoring Twitter account posted that the Clop ransomware gang announced on its dark web site that it had successfully hacked the mining company.

According to the memo, which has been seen by Reuters, the hackers behind the breach are threatening to release the data online if a ransom payment is not received.


“While investigations into this incident are ongoing and threats have been made by a cyber criminal group to release data onto the dark web,” the memo read, “to date none of the records described above have been released, and we still do not know if the cyber criminal group holds these records or not”.

“At Rio Tinto, the safety of our people is our top priority, and that includes cyber safety.”

Clop has been behind a number of recent ransomware attacks, all based on a vulnerability in Fortra’s file-sharing platform GoAnywhere. The gang claims to have accessed the data of at least 130 companies in a single hacking spree. Cyber Security Connect reported last week that Hitachi had announced its own data breach, and other Clop victims include American manufacturing company Procter & Gamble and healthcare provider US Wellness.

Fortra did communicate the hack to its customers, but it told them that their data was safe — which it clearly was not.

“We are deeply disappointed this incident has occurred with our vendor and express our sincere apologies to those impacted,” Rio Tinto said in its staff memo.

Rio Tinto has not publicly announced the breach, nor has it said how many of its staff were affected. We have reached out to Rio Tinto for comment on the attack.

Clop has been in operation since at least February 2019. The name of the gang is based on the Russian word for bedbug.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
