Alamos Gold (TSX: AGI; NYSE: AGI) fell victim to a cyberattack that saw confidential corporate data get disclosed to the public last year, according to an exclusive scoop by Toronto-based newspaper The Star.
The data included sensitive information such as social insurance numbers, payroll reports, financial information, and home addresses and cell numbers for senior executives, all of which were published online by the hackers, the report said.
The attack was apparently carried out by Black Basta, the same ransomware group responsible for prior attacks on Sobeys and Yellow Pages Canada, said Josh Rubin, author of the report, citing a mining industry cybersecurity expert.
As noted in the article, the data breach took place some time in April 2023. “Our operations were at no time impacted. We remain vigilant in protecting our systems and have put measures in place to address any personal information loss,” Alamos said in a statement at the time.
The gold miner currently employs more than 1,900 people. It operates three mines in North America: the Young-Davidson and Island gold mines in northern Ontario, Canada, and the Mulatos mine in Sonora state, Mexico.
Alamos Gold closed Wednesday’s session down 0.7% to C$16.28 a share, having traded between C$13.35 and C$20.20 over the past 52 weeks. The intermediate gold producer has a market capitalization of approximately C$6.5 billion ($4.8bn).
The latest incidence with Alamos Gold highlights the increased concerns of digital security within the mining industry and the frequency of attacks that can hamper the mineral extraction business.
Last December, global miner Anglo American (LSE: AAL) saw its email distribution channels get compromised, resulting in a crudely worded message and an inappropriate graphic sent to company subscribers. Four months earlier, Freeport-McMoRan (NYSE: FCX) also suffered a cyberattack, albeit a minor one that it said had limited impact on production.
In March of 2023, Rio Tinto (ASX: RIO) reported what was considered the largest cyberattack on miners at the time, which saw personal data of current and former employees being uploaded onto the dark web.
In late 2022, Vancouver-based Copper Mountain Mining — now owned by Hudbay Minerals (TSX: HBM; NYSE: HB) — dealt with a ransomware attack that led to a six-day shutdown of its Canadian treatment plant.
EY Global Information Security survey reported that 54% of mining and metals companies experienced significant cyberattacks, with 55% of executives expressing concern over their ability to manage such threats.