Ransomware gang claims to have Rio Tinto secrets after earlier dashcam hack
The mining giant is investigating its second breach in less than two weeks – this time involving a ransomware gang which claims to be selling its information on the dark web.
Rio Tinto is investigating its second technology breach in less than two weeks, this time involving a ransomware gang which claims to be selling information collected in a hack on the dark web.
The mining giant’s chief security officer on Thursday notified staff that one of its suppliers which provided transfer services had been the target of a “cyber criminal group”.
Scott Brown informed staff that cloud-based vendor GoAnywhere was the provider which had been targeted by the group and that “threats have been made by a cyber criminal group to release data on to the dark web”.
“This data relates to certain records processed by our payroll services team in January 2023 (such as pay slips and overpayment letters) for a small portion of past and present employees based in Australia, who received these records by post,” Mr Brown told staff in the note.
“We are proactively contacting potentially impacted employees about this and to offer our support, including connecting them with a list of services available to safeguard their online identity.”
Rio Tinto would contact staff who had been potentially impacted by the breach by both mail and email. Those who hadn’t been contacted are understood to have not been affected.
GoAnywhere had initially told Rio Tinto no data had been stolen but later said “further investigations now indicate a possibility that Rio Tinto data may be impacted”, according to Mr Brown’s note.
“To date none of the records described above have been released, and we still do not know if the cyber criminal group holds these records or not,” he said.
It’s understood a ransomware gang by the name of CL0P has published Rio Tinto’s website among a list of other organisations it claims to have breached.
Edith Cowan University computing and security adjunct lecturer James Kang said ransomware gangs typically didn’t list companies they hadn’t been able to breach.
However, ransomware gangs have been known to boast of false attacks to try to manipulate companies, damage their reputation and waste their resources, he said.
“From the perspective of cyber security management teams, they have to take the list of companies which were allegedly breached as genuine until they clear any doubt. That is the normal practice of security response,” Mr Kang said.
Earlier this month it was revealed that there was a breach on one of the hundreds of dashcams installed in Rio Tinto-owned trucks and vehicles. In January, Rio Tinto had installed dashcams made by Korean manufacturer Blackvue in vehicles at the Nammuldi mine.
A spokesman confirmed that the recordings from a dashcam, which may have contained private conversations and phone calls, were accessed by a user despite the company telling workers that would not happen.
The company said it had worked with the dashcam provider to ensure any data recorded by the new cameras could not be accessed via Bluetooth or Wi-Fi. However, Rio Tinto later discovered that data stored on an SD card within a dashcam was accessed by someone in the same vehicle after they had connected to the camera via Bluetooth.
“Rio Tinto is working with the provider to investigate the matter and currently does not believe any data from these cameras has been accessible by anyone off-site,” he said.
“Rio Tinto is inspecting all vehicles on site to ensure Bluetooth functionality is disabled.”
Mr Kang said some Blackvue cameras appeared to allow access to data in the same way CCTV cameras did.