Seagate employees’ personal data pinched in phishing attack

Seagate employees in the US have had their social security numbers, salaries, work and home addresses, and other data stolen in a phishing attack.

An employee, most likely high up in the chain of command in HR at the company, was duped by a bogus email requesting W-2 forms of Seagate employees.

On 1 March, the conned employee acquiesced the request for W-2 forms in an email purportedly from CEO Stephen Luczo, who said he wanted the data for current and past Seagate employees.

The exposed data could lead to some sticky tax fraud problems for said employees, but the firm is assuring workers that it has no information to suggest their data has been misused…yet.

“On 1 March 2016, Seagate Technology learned that the 2015 W-2 tax form information for current and former US-based employees was sent to an unauthorised third party in response to a phishing email scam,” a company spokesperson said.

“At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order. We deeply regret this mistake and we offer our sincerest apologies to everyone affected.”

Seagate spokesperson Eric DeRitis told security reporter Brian Krebs, who first learned of the breach from an employee, that the Internal Revenue Service (IRS) and federal authorities were notified immediately.

“When we learned about it, we immediately notified federal authorities who are now actively investigating it. We deeply regret this mistake and we offer our sincerest apologies to everyone affected. Seagate is aggressively analysing where process changes are needed and we will implement those changes as quickly as we can,” DeRitis told Krebs.

DeRitis claims that less than 10,000 employees were affected, but the figure still stands at “several thousand”.