March 24 (Reuters) - U.S. cybersecurity firm Fortra said
suspicious activity was identified within its GoAnywhere
software nearly two months ago, a day after Rio Tinto
in a staff memo said personal data of some of its Australian
employees may have been stolen.
The internal memo seen by Reuters on Thursday revealed
payroll information, like payslips and overpayment letters, of a
small number of the mining giants' Australian employees from
January 2023 had possibly been seized by a cybercriminal group.
"On Jan. 30, 2023, we were made aware of suspicious activity
within certain instances of our GoAnywhere MFTaaS solution," a
Fortra spokesperson told Reuters in an email on Friday.
"We immediately took multiple steps to address this,
including implementing a temporary outage of this service to
prevent any further unauthorized activity."
Fortra declined to comment on specific customers when asked
about Rio Tinto, but said it was notifying potentially affected
customers who may have been impacted and coordinating with the
U.S.' Cybersecurity and Infrastructure Security Agency.
Over the past few weeks, a host of global firms and
government institutions have reported cybersecurity incidents
linked to GoAnywhere, a vendor providing data transfer services
and owned by Minnesota-based Fortra.
