
Seagate Employee Tax Forms Stolen in Phishing Attack

The W-2 tax documents of several thousand current and former employees of data storage company Seagate ended up in the hands of fraudsters after an employee fell victim to a phishing attack.


Seagate confirmed to SecurityWeek that the 2015 W-2 tax form information for current and former employees based in the United States was sent to an “unauthorized party” in response to a phishing scam. The company noted that only tax information for the year 2015 was exposed in the breach that came to light on March 1.

“The information was sent by an employee who believed the phishing email was a legitimate internal company request. When we learned of the incident, we immediately notified the IRS which is now actively investigating it along with federal law enforcement,” Seagate spokesman Eric DeRitis said in an emailed statement. “At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order. We deeply regret this mistake and we offer our sincerest apologies to everyone affected.”


DeRitis said the exact number of affected employees has only been shared with the IRS and federal authorities. “It’s accurate to say several thousand, but it is less than 10,000 by a decent amount,” he told SecurityWeek.

The incident was first reported by security blogger Brian Krebs, who learned about it from a former Seagate employee.

Seagate claims it’s in the process of making changes to prevent future incidents. In the meantime, the company will cover the costs of a two-year Experian ProtectMyID membership for affected employees.

W-2 forms, which show the amount of taxes withheld from an employee’s paycheck, are used to file federal and state taxes. These documents include social security numbers and other personal details, which can be leveraged by malicious actors to file fraudulent tax returns with the IRS.

It’s not uncommon for such information to be abused by fraudsters. The tax agency reported last month that cybercrooks had used stolen SSNs to generate over 100,000 PINs on the IRS’s Electronic Filing PIN application.

SSNs and other information were also used last year to target the IRS’s “Get Transcript” application. The agency revealed last week that the incident affected more than 700,000 taxpayers.

Business email compromise (BEC) scams, such as the one targeted at Seagate, are also increasingly common. Aircraft parts manufacturer FACC AG revealed in January that cybercriminals managed to steal $54 million in a scheme targeting the company’s finance department.

“Phishing scams are increasingly more sophisticated and convincing, and today’s news is a great example of how difficult it can be to avoid such targeted schemes. In this case, it appears that electronic digital rights management could have helped maintain data privacy,” Scott Gordon, COO of file security company FinalCode, told SecurityWeek. “Using the proper controls for data access and encryption would ensure that the file owner – in this case Seagate – maintains control of the data, even after it was mistakenly sent. Certainly, the capability to remotely delete the files after they were sent would have been very useful too.”

Related Reading: Social Engineering – How an Email Becomes a Cyber Threat

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
