Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Seagate Employee Tax Forms Stolen in Phishing Attack

The W-2 tax documents of several thousand current and former employees of data storage company Seagate ended up in the hands of fraudsters after an employee fell victim to a phishing attack.

Seagate breached

The W-2 tax documents of several thousand current and former employees of data storage company Seagate ended up in the hands of fraudsters after an employee fell victim to a phishing attack.

Seagate breached

Seagate confirmed to SecurityWeek that the 2015 W-2 tax form information for current and former employees based in the United States was sent to an “unauthorized party” in response to a phishing scam. The company noted that only tax information for the year 2015 was exposed in the breach that came to light on March 1.

“The information was sent by an employee who believed the phishing email was a legitimate internal company request. When we learned of the incident, we immediately notified the IRS which is now actively investigating it along with federal law enforcement,” Seagate spokesman Eric DeRitis said in an emailed statement. “At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order. We deeply regret this mistake and we offer our sincerest apologies to everyone affected.”

Phishing Protection

DeRitis said the exact number of affected employees has only been shared with the IRS and federal authorities. “It’s accurate to say several thousand, but it is less than 10,000 by a decent amount,” he told SecurityWeek.

The incident was first reported by security blogger Brian Krebs who learned about the incident from a former Seagate employee.

Seagate claims it’s in the process of making changes to prevent future incidents. In the meantime, the company will cover the costs of a two-year Experian ProtectMyID membership for affected employees.

W-2 forms, which show the amount of taxes withheld from an employee’s paycheck, are used to file federal and state taxes. These documents include social security numbers and other personal details, which can be leveraged by malicious actors to file fraudulent tax returns with the IRS.

It’s not uncommon for such information to be abused by fraudsters. The tax agency reported last month that cybercrooks had used stolen SSNs to generate over 100,000 PINs on the IRS’s Electronic Filing PIN application.

Advertisement. Scroll to continue reading.

SSNs and other information was also used last year to target the IRS’s “Get Transcript” application. The agency revealed last week that the incident affected more than 700,000 taxpayers.

Business email compromise (BEC) scams, such as the one targeted at Seagate, are also increasingly common. Aircraft parts manufacturer FACC AG revealed in January that cybercriminals managed to steal $54 million in a scheme targeting the company’s finance department.

“Phishing scams are increasingly more sophisticated and convincing, and today’s news is a great example of how difficult it can be to avoid such targeted schemes. In this case, it appears that electronic digital rights management could have helped maintain data privacy,” Scott Gordon, COO of file security company FinalCode, told SecurityWeek. “Using the proper controls for data access and encryption would ensure that the file owner – in this case Seagate –maintains control of the data, even after it was mistakenly sent. Certainly, the capability to remotely delete the files after they were sent would have been very useful too.”

Related Reading: Social Engineering – How an Email Becomes a Cyber Threat

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.