Rio Tinto has warned its staff of a data hack on GoAnywhere software.
According to a company memo, data of former and current employees may have been stolen by hackers.
The Australian Financial Review reported the possible seizure of payroll information, including payslips and overpayment letters.
Rio Tinto indicated a possibility that company data may also be affected.
The hackers have threatened to release the stolen data.
“While investigations into this incident are ongoing and threats have been made by a cybercriminal group to release data on to the dark web, to date none of the records described above have been released, and we still do not know if the cybercriminal group holds these records or not,” the staff memo stated.
A third-party file transfer software called GoAnywhere was the hackers’ target.
A number of firms and institutions across the globe reported being affected in recent weeks by incidents linked to GoAnywhere and the company that owns it, Fortra.
Hitachi reported that a ransomware attack on GoAnywhere might have led to the unauthorised access of employee data in different countries.
Canadian financial firm Investissement Quebec and healthcare services provider Community Health Systems reported similar experiences.
Rio Tinto expressed its disappointment about the breach.
“We continue to monitor this situation closely and will keep potentially impacted employees and former employees updated,” the staff memo stated.
“At Rio Tinto, the safety of our people is our top priority, and that includes cyber safety.
“We are deeply disappointed this incident has occurred with our vendor and express our sincere apologies to those impacted.”
Reports indicate Rio is “proactively contacting” staff members who may have been affected so they can take necessary precautions.