The Channel logo


By | Iain Thomson 8th March 2016 00:32

Bungling Seagate staffer leaked coworkers' social security numbers, other info to email fraudsters

Always check the headers

Storage drive biz Seagate is lousy at keeping its own data safe: it accidentally handed over the crown jewels of its employees' private information to persons unknown.

A Seagate employee was fooled by an email that masqueraded as an internal memo from the CEO: the message requested people's W-2 forms, and the worker duly handed over the paperwork to fraudsters thinking the request was legit.

The forms include colleagues' social security numbers, income figures, work and home addresses, and other data useful to identity thieves. Anyone who worked at Seagate at any point in 2015 will have had their details leaked.

"On March 1, 2016, Seagate Technology learned that the 2015 W-2 tax form information for current and former US-based employees was sent to an unauthorized third party in response to a phishing email scam," the biz said in a statement to The Reg.

"At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order. We deeply regret this mistake and we offer our sincerest apologies to everyone affected."

Seagate has informed the IRS, America's taxmen, about the scam, and the FBI has launched an investigation. In the meantime, the tax authorities will be scrutinizing returns from Seagate employees more carefully this year, and the firm has given staff two years of credit fraud protection.

This is the busiest time of the year for Americans and their tax affairs, both legitimate and illegitimate, and last week something similar happened to Snapchat. The fear is that with this information scammers can file false tax records impersonating employees and funnel refunds into the crooks' bank accounts.

Seagate can, at least, take comfort in the fact that it's better at this stuff than the actual IRS. Earlier this month, the tax agency was forced to admit it let slip up to 700,000 tax forms thanks to flaws in its electronic filing system.

Seagate's woes do, however, show the importance of checking the details on emails to avoid getting phished. Too many people are still getting caught out by official-looking emails and not double checking when sending out sensitive info.

Public-key encryption cofounder Whitfield Diffie put it best last week at the RSA conference when he was asked what his first reaction was when he was emailed to say he'd won the Turing Prize – the tech industry's Nobel Prize.

"I spent a long time checking the email headers very, very carefully," he joked. ®

comment icon Read 12 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe