Data storage company Seagate has been tricked into handing over sensitive tax documents about its employees to unknown people on the internet after it was targeted by an email scam.
Brian Krebs reports Seagate was sent an email that pretended to be from someone inside the company. An employee fell for it and handed over information on thousands of people.
These email scams are known as “phishing” attacks, where criminals impersonate company employees to try to gain information about the company or its customers.
This isn’t the first time that a technology company has been fooled by an email scam. Snapchat recently fell for a similar phishing attack that spoofed an email from CEO Evan Spiegel. That resulted in payroll information being leaked.
And it doesn’t just happen in the US, either. A series of London startups were also hit by phishing attacks in 2015. Around 10 well-funded startups were targeted by criminals who impersonated startups CEOs in search of money.
Seagate provided this comment to Business Insider about the incident:
On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former U.S.-based employees was sent to an unauthorised third party in response to the phishing email scam. The information was sent by an employee who believed the phishing email was a legitimate internal company request. When we learned about it, we immediately notified federal authorities who are now actively investigating it. We deeply regret this mistake and we offer our sincerest apologies to everyone affected. Seagate is aggressively analysing where process changes are needed and we will implement those changes as quickly as we can. Seagate is also offering affected employees at least two-years’ membership to Experian’s ProtectMyID® service, paid for by the company — no questions asked.