Owner of only US platinum mine confirms data breach after ransomware claims

Jason Macuray
The owner of the only platinum and palladium mines in the U.S. confirmed that it experienced a cyberattack this summer that exposed the sensitive information of thousands of employees.

The owner of the only platinum and palladium mines in the U.S. confirmed that it experienced a cyberattack this summer that exposed the sensitive information of thousands of employees.

Stillwater Mining Company told regulators Saturday that hackers breached company systems in the middle of June but the incident was only discovered on July 8. It took more than a month for investigators to realize that the personal information of 7,258 employees was stolen. 

In addition to names and contact information, the hackers stole government ID information, passport numbers, Social Security numbers, tax ID numbers, birth certificates, financial information like bank account numbers and medical information like health plan numbers. 

The investigation into the attack is ongoing, but the mining company said it was able to confirm the data breach on August 19. External cybersecurity experts are involved in the response to the incident. 

The company said it is working closely with law enforcement “to identify and hold accountable those responsible for this attack.”

The RansomHub hacking operation took credit for the attack on July 22 and claimed to leak all of the information it stole on August 15.

RansomHub has become a key player in the ransomware ecosystem, taking over for other Russia-based hacking gangs that were disrupted by law enforcement operations earlier this year. 

U.S. officials said RansomHub has been responsible for attacks on more than 210 organizations since February, including the city of Columbus, Rite Aid and the Planned Parenthood office in Montana

Stillwater Mining Company drew headlines in Montana last week after laying off about 700 workers in the state that worked in local mines. 

The company and U.S. Sen. Jon Tester, a Democrat, blamed the layoffs on Russia, arguing that Stillwater was forced to fire miners because Moscow is flooding U.S. markets with cheaper palladium, which is used in catalytic converters for automobiles. 

In a letter to employees, Sibanye-Stillwater Executive Vice President Kevin Robertson said the price of palladium dropped from $2,300 an ounce two years ago to under $1,000 this year. 

“We believe Russian dumping is a cause of this sharp price dislocation. Russia produces over 40% of the global palladium supply, and rising imports of palladium have inundated the U.S. market over the last several years,” he said.  

Tester called it “totally unacceptable” that the company is being “forced” to lay off workers in Montana “because Russia is dumping minerals into the US market.” The U.S. has banned the import of most Russian products since the invasion of Ukraine but has not banned Russian palladium imports. 

The Montana company’s multinational parent, Sibanye-Stillwater, reported $2.9 billion in revenue last quarter. 

CybercrimeIndustryNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Feds sentence 12 crypto thieves behind SIM swaps, home invasions

Next Post

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals

Related Posts

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,
Avatar
Read More