Seagate released employee tax data in phishing attack
'Less than 10,000' past and present employees had their W2 information compromised.
Tax season is upon us (sorry for the reminder), and apparently if you want the W2-form information of thousands of Seagate employees, past and present, all you have to do is email and ask for it. A company spokesperson confirmed the phishing attempt to Krebs on Security, saying that on March 1st a Seagate employee released 2015 W2 info to someone believed to be acting in official capacity for the storage-minded outfit. Yep, it's pretty similar to what happened with Snapchat recently.
For Seagate's part, the company is apologizing and offering two years of identity theft monitoring and protection to those affected. It's also "aggressively analyzing where process changes" are required and will put them in place as soon as possible. Exactly how many people are affected? Seagate won't release that data to anyone but the feds, but says it's "less than 10,000 by a good amount." Maybe if you ask nicely enough and email the right person you'll have an answer. After all, phishing has about a 45 percent success rate.
Krebs notes that identity theft protection is one thing, but it won't cover any types of loss stemming from fraudulently-filed tax returns. Last year, the Internal Revenue Service predicted tax-return fraud would hit $21 billion by 2016 -- looks like this will fall under that forecast.
