Phishing Attack Plagues Seagate

Tuesday, March 8, 2016 @ 03:03 PM gHale


A phishing email scam caught Seagate Technology off guard.

The attack caused the data storage firm to disclose private employee information like tax information, including Social Security numbers and salaries, for all current and former U.S.-based employees.

RELATED STORIES
Mars Rover: Code Used for Espionage
Multi-APT’s Linked to One Attack Group
ICS-CERT BlackEnergy Report
BlackEnergy in other Ukraine Systems

The information ended up sent to an unauthorized third party last week, the Cupertino-based company told CNBC.

“The information was sent by an employee who believed the phishing email was a legitimate internal company request … At this point, we have no information to suggest that employee data has been misused, but caution and vigilance are in order.”

Seagate added it had immediately notified the Internal Revenue Service (IRS), which is now actively investigating it along with federal law enforcement.

Seagate also provided affected employees with a two-year membership to an identity theft protection service developed by Experian.

An individual’s tax details are typically used by cyber criminals looking to scam the IRS.

The scam ended up uncovered by cyber security researcher Brian Krebs.

Tax refund fraud was responsible for a nearly 50 percent increase in U.S. consumer identity theft complaints last year, Krebs said, citing official statistics.

Seagate said the IRS had immediately put a watch for fraudulent filings on all of the company’s employees’ accounts.