Rio Tinto data vendor GoAnywhere’s possible breach spotted in January

(Reuters) — U.S. cybersecurity firm Fortra said suspicious activity was identified within its GoAnywhere software nearly two months ago, a day after Rio Tinto in a staff memo said personal data of some of its Australian employees may have been stolen.

The internal memo seen by Reuters on Thursday revealed payroll information, like payslips and overpayment letters, of a small number of the mining giants’ Australian employees from January 2023 had possibly been seized by a cybercriminal group.

“On Jan. 30, 2023, we were made aware of suspicious activity within certain instances of our GoAnywhere MFTaaS solution,” a Fortra spokesperson told Reuters in an email on Friday.

“We immediately took multiple steps to address this, including implementing a temporary outage of this service to prevent any further unauthorized activity.”

Fortra declined to comment on specific customers when asked about Rio Tinto, but said it was notifying potentially affected customers who may have been impacted and coordinating with the U.S.’s Cybersecurity and Infrastructure Security Agency.

Over the past few weeks, a host of global firms and government institutions have reported cybersecurity incidents linked to GoAnywhere, a vendor providing data transfer services and owned by Minnesota-based Fortra.