On October 27, 2023, Barrick Gold filed a notice of data breach with the Attorney General of Montana after discovering that MOVEit, a secure file-transfer software used by the company, contained a critical vulnerability. In this notice, Barrick explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Barrick began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Barrick Gold, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Barrick Gold / MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Barrick Gold Data Breach?

The Barrick Gold MOVEit data breach was only recently announced, and more information is expected in the near future. However, Barrick’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, Barrick uses a secure file-transfer program called MOVEit, which is a product of Progress Software. On May 31, 2023, Progress Software announced that MOVEit contained a critical vulnerability that, if exploited, gave unauthorized parties access to companies’ MOVEit servers.

When Barrick learned of the MOVEit vulnerability, the company launched an investigation with the assistance of third-party cybersecurity specialists into the impact of the incident. Barrick Gold also notified law enforcement and is cooperating with the ongoing investigation.

Ultimately, Barrick’s own investigation confirmed that certain files on the company’s MOVEit server were accessed and copied by an unauthorized party between May 28, 2023 and June 2, 2023. It was later determined that some of these files contained confidential consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, Barrick Gold reviewed the compromised files to determine what information was leaked and which consumers were impacted. Barrick completed this process on September 18, 2023.

On October 27, 2023, Barrick Gold sent out data breach letters to anyone who was affected by the recent data security incident. The data breach letter posted on the Montana AG site, however, does not provide a list of the affected data types. However, the individualized data breach letters addressed to victims should provide a list of what information was compromised.

More Information About Barrick Gold

Founded in 1983, Barrick Gold is a mining company based out of Toronto, Ontario, Canada. Barrick engages in the production and sale of gold, as well as related activities, such as exploration and mine development. Barrick Gold is publicly traded on the New York Stock Exchange under the symbol “GOLD.” Barrick Gold employs more than 21,869 people and generates approximately $12 billion in annual revenue.