Seagate employees at risk of identity theft after employee data disclosed HOTforSecurity

1 of 5

E-THREATS

You Are Here: Home

INDUSTRY NEWS

Industry News

MALWARECITY

MOBILE & GADGETS

TIPS AND TRICKS

Seagate employees at risk of identity theft after employee data disclosed

Search here ...

No Banner to display

Seagate employees at risk of identity theft after

employee data disclosed
By: Graham Cluley |

comment : 0 |

March 07, 2016 | Posted in: Industry News

Past and present US employees of data storage firm Seagate are learning to face the facts: their identities may now
be in the hands of a criminal gang, after the company revealed that a phishing attack had successfully stolen
personal and tax information.

Be the first of your friends to like this

Adware

Android

Antivirus

Apple

Anonymous
Attack

Backdoor

Seagate employees at risk of identity theft after employee data disclosed HOTforSecurity

2 of 5

Bitdefender

Breach

Cyber-attack

Bitdefender Products

You may take password security

Ready to Embrace

seriously now, but your past can haunt

E-THREATS

Israeli Researchers
to beDropped
a senior by
executive
of th

Data Breach
Facebook

DDoS

Facebook Scams

ALERTS

SOCIAL NETWORKS
you
Windows 10
INDUSTRY
NEWS as
t an employee was tricked into sending W-2 tax forms (which include such sensitive
information
July 08, 2015
Three
SamsungtoKNOX
Vulnerabilities
l security numbers, salaries, and
addresses)
an attacker,
who simply sentMALWARECITY
a forged email claiming
Windows 8 Stores Logon

Exploit

China

Fbi

Fraud

Hacker

Google

Hackers

BITDEFENDER TECHNOLOGY Malware

Microsoft

Hack

Hacking
Omelette

Passwords in Plain Text

VIDEOS
Power Plant Controllers Deemed
October 12, 2012
t sophisticated attack in the world,
but one
that is Repair
remarkably effectively asBOTNETS
Snapchat discovered to
Vulnerable
Beyond
nth when it was stung in a similar scam that exposed
CONTEST
1800+ Minecraft
IoT proliferation, the biggest blind spot
HACKING
usernames and passwords
for companies
HOW TO.
DeRitis confirmed to security blogger Brian Krebs details of what happened
in the attack on
leak ic
online
MALWARE HISTORY
January 19, 2015
US CISOs earnings reach $400K+ in
MISCELLANEOUS
San Francisco, survey finds
PHISHING ALERT
Scammers Impersonate
On March 1, Seagate Technology learned that the 2015 W-2 tax form information for
Q&A FROM THE LABS
Bank Exec on LinkedIn to
current and former U.S.-based employees was sent to an unauthorized third party in
Target Corporate Bank
SOCIAL NETWORKS
response to the phishing email scam.
Accounts
SPAM
May 08, 2013
SPAM REVIEW
The information was sent by an employee who believed the phishing email
was a
UNCATEGORIZED
legitimate internal company request.

VIRUSES DESCRIPTIONS
VULNERABILITIES

REVIEW
When we learned about it, we immediately notified federal authorities WEEKLY
who are now
actively investigating it. We deeply regret this mistake and we offer ourMOBILE
sincerest& GADGETS
AND TRICKS
apologies to everyone affected. Seagate is aggressively analyzing whereTIPS
process
changes are needed and we will implement those changes as quickly as we can.

2012 Powered By Bitdefender

Password
Ransomware
Security

Windows

Privacy

Scam

Scams

Slider

Software
Uk

Phishing

Spam
Us

Virus
Worm

Social Media
Trojan

Twitter

Vulnerability

Seagate employees at risk of identity theft after employee data disclosed HOTforSecurity

3 of 5

I want you to send me the list of W-2 copy of employees wage and tax statement for
2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare
the lists and email them to me asap.

The emails forged headers made it appear as if it had been sent from the CEOs corporate email account, but the
return address went to a third party.

Fortunately KnowBe4s staff had their wits about them (as you would hope for a security awareness company!) and
no sensitive data was transmitted, but its easy to imagine how in many companies a worker might rush to assist the
CEO without correctly asking themselves whether what they were doing was safe.

Thats what happened at Snapchat, and what appears to have now happened at Seagate too.

An unknown number of affected individuals have been contacted via post by Seagate, and offered credit monitoring
paid for by the company. However, as Krebs points out, this is unlikely to be much use against tax refund fraud.

The biggest concern is that criminal gangs will use the stolen information to create an online account with the IRS in
a victims name, and claim a tax refund.

Clearly criminals are actively exploiting human weakness and desire to help the boss to extract sensitive

Seagate employees at risk of identity theft after employee data disclosed HOTforSecurity

4 of 5

information from companies. It is highly unlikely that the likes of Seagate and Snapchat will be the last to be targeted
in this way.

Implement tight controls over access to sensitive information in your organisation, and procedures regarding how
data can be shared securely only those with a genuine need to access the data. Combine these best practices with
a security awareness program to make sure that all staff are aware of the risks, and are on the look out for
scammers.

Tweet

79
Like

49
Share

submit
StumbleUpon
Submit

Previous

Next

About The Author

Graham Cluley
Security analyst
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has
been working in the computer security industry since the early 1990s, having been employed
by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about
computer security for some of the world's largest companies, worked with law enforcement
agencies on investigations into hacking groups, and regularly appears on TV and radio
explaining computer security threats. Graham Cluley was inducted into the InfoSecurity
Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons
in IT History" for his contribution as a leading authority in internet security.
Number of Entries : 183

Related posts