Sibanye-Stillwater, a prominent mining company operating the only platinum and palladium mines in the United States, has recently confirmed a data breach that has affected thousands of its employees. The cyberattack, which was discovered in July 2024 but took place in June, compromised sensitive personal information of 7,258 employees. This breach included a wide array of personal data such as names, contact information, government IDs, Social Security numbers, passport numbers, tax IDs, financial details like bank accounts, and even medical information like health plan numbers.
The cyberattack not only resulted in operational disruptions across Sibanye-Stillwater’s global IT systems but also impacted the company’s servers, causing widespread disruptions. Despite this setback, the core mining and processing activities of the company continued largely unaffected.
Operating from its headquarters in Johannesburg, South Africa, Sibanye-Stillwater is known for its operations in precious metals like platinum and gold in South Africa. Additionally, it has international operations, including a palladium mine in the U.S. and projects in Finland, France, and Australia involving lithium, nickel, and zinc metals.
Following the discovery of the data breach, Sibanye-Stillwater initiated a thorough investigation with the help of external cybersecurity experts. The company officially confirmed the breach on August 19 and has been actively working with law enforcement to identify and hold the perpetrators accountable. Moreover, they have enhanced their cybersecurity measures by implementing real-time monitoring and endpoint detection systems.
The hacking group RansomHouse claimed responsibility for the cyberattack on Sibanye-Stillwater in July and purportedly leaked the stolen data in mid-August. The hackers claimed to have extracted 1.2 TB of data from the company. RansomHouse, which emerged in March 2022, is recognized as a multi-pronged extortion threat in the cybersecurity landscape.
In response to the breach, Stillwater Mining began notifying affected employees electronically on September 7. To mitigate potential risks of identity theft, the company is providing free identity and credit monitoring services through Experian’s IdentityWorks for a period of 24 months. Affected employees, including two Maine residents, are urged to activate their complimentary membership to Experian’s IdentityWorks by December 31, 2024, which offers identity theft detection, resolution, and credit monitoring services.
The data breach comes at a challenging time for Stillwater Mining, as the company recently laid off approximately 700 workers from its Montana operations due to market fluctuations. The plummeting price of palladium, attributed to Russia’s market manipulation, has adversely affected the company’s operations and necessitated cost-cutting measures.
Despite these challenges, Sibanye-Stillwater reported a revenue of $2.9 billion in the last quarter, showcasing its resilience in the face of adversity. The company, listed on both the Johannesburg Stock Exchange and the New York Stock Exchange, remains a significant player in the global mining and metals processing industry, specializing in platinum group metals and gold production.
Furthermore, Sibanye-Stillwater has diversified its operations into battery metals mining and recycling, underscoring its commitment to sustainability and operational resilience. As the company navigates through the aftermath of the breach and market instability, employees and law enforcement are vigilantly monitoring the situation to prevent further damage and ensure the company’s continued success.