TechSpot

Seagate sued by its own employees after company falls for phishing scam

By midian182
Sep 13, 2016
Post New Reply
  1. Storage manufacturer Seagate is facing a class-action lawsuit brought against it by the company’s own employees. It comes after a senior HR executive was tricked into handed over workers’ personal information in a phishing scam.

    Back in March, cybercriminals sent an email to Seagate HR that appeared to originate from company CEO Stephen Luczo. It requested copies of employees’ 2015 W-2 tax forms and other personally identifiable information, which were duly handed over. The documents contained names, social security numbers, income figures and home addresses – a trove of valuable data for identity theft fraudsters.

    Nearly 10,000 current and past employee details were sent to the scammers, along with those of any family members and beneficiaries named in the documents.

    As noted by The Register, employees filed the lawsuit against Seagate in July, accusing the firm of malpractice and a lack of regard for employees through negligent data management. The suit claims the information was “almost immediately” used to file fraudulent tax forms and for other methods of ID theft.

    "In order for the cyber criminals to have obtained employees' spouses' Social Security numbers, Seagate would have had to have disclosed more than just the Form W-2 data for employees," states the complaint.

    "Seagate would have to have disclosed additional information, such as retirement fund or insurance beneficiary, that contained the personally identifiable information of third parties."

    The lawsuit is requesting a trial by jury for damages and out-of-pocket expenses for employees and third-party victims. Seagate wants the complaint dismissed and has said it’s up to the complainants to prove the company’s negligence. But in an email to employees on March 4, the firm’s CTO allegedly took responsibility for the leak, writing that it “was caused by human error and lack of vigilance, and could have been prevented."

    Seagate claims that: "Plaintiffs seek to hold Seagate responsible for harm allegedly caused by third-party criminals. But Plaintiffs cannot state a claim based solely on the allegation that an unfortunate, unforeseen event occurred. They must actually allege facts that show they are entitled to relief from Seagate."

    Permalink to story.

     
  2. EClyde

    EClyde TS Guru Posts: 707   +181

    Dumb asses
     
    Darth Shiv likes this.
  3. davislane1

    davislane1 TS Evangelist Posts: 3,560   +2,365

    They say a sucker is born every minute. This is why I always advise employers to pay close attention to the time of birth on birth certificates/documentation. You must avoid "that" guy.
     
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,509   +2,056

    Well I guess it's safe to assume that the HR manager is no longer at Seagate, he's/she's more likely to be busy with Walk & Seymour. The dumb cluck.
     
  5. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,509   +2,056

    I think that's a gross underestimation, more likely one born every 10 seconds.
     
  6. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,653   +523

    Wow, just wow... You'd think a CEO of a technology related company would have a little more sense in this field, but I guess not, really have to feel bad for the employees who now have all sorts of identity theft related problems.
     
  7. Uncle Al

    Uncle Al TS Evangelist Posts: 1,676   +780

    When you consider all the forms and releases a new employee is required to sign before joining a company, the Federal Government should enact a few forms and regulations that the company CEO MUST sign, giving an original copy to every new employee. They could start with the statement that NO employee's private information, medical information, etc. may be shared without the employee's expressed, written consent and such signature or refusal to sign may be used in part in evaluations, evaluations, raises, bonuses, etc. Furthermore it should state that ANY medical provided shall contractually agree that any employee information required for medical coverage be covered the same way and the medical provider may not now or ever sell, give, or allow access to the individuals medical information without the same level of consent.

    There is absolutely no reason for any company or provider to be given preferential treatment or allow to use extortionary tactics on any employee, regardless of race, color, creed or sexual orientation ......
     
  8. davislane1

    davislane1 TS Evangelist Posts: 3,560   +2,365

    It wasn't the CEO. It was an HR executive.
     
    Adhmuz likes this.
  9. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,512   +503

    Senior executive, the kind that doesn't stop to think why a CEO needs personal records... even if it's the top executives is still fishy.

    And even then, a tech industry giant falling for phishing, damn.
     
  10. davislane1

    davislane1 TS Evangelist Posts: 3,560   +2,365

    If Seagate operates like any of the major companies I am familiar with, the CEO and most of the upper level executives have access to the info databases anyways. First question that should have popped into his or her head ($50 says it was a female exe, btw. Place bets below this comment.) should have been, "Why does he need this?" immediately followed by a confirmation phone call. This is SOP for even low-level retail work when it comes to significant projects.

    It also turns out that Seagate is not the only company to be exploited by the scam: http://www.esecurityplanet.com/netw...uts-seagate-breached-by-phishing-attacks.html
     
  11. MoeJoe

    MoeJoe TS Maniac Posts: 401   +208

    Oh wow !

    Legalized marijuana is actually having an effect in Longmont after all ...

    LMAO
     
  12. Adhmuz

    Adhmuz TechSpot Paladin Posts: 1,653   +523

    Sorry misread that, it had appeared to come from the CEO.
     
  13. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    This is about the 3rd strike for Seagate, isn't it? First they had the, "brick my 1TB drive" debacle. Then they had the, "brick my 3TB HDD" fiasco, and now they've done gone and given away their employee's personal information.

    Well, if it was the employees who worked on the 3TB HDD assembly line, IMHO, they had it coming..:oops:
     
  14. lipe123

    lipe123 TS Evangelist Posts: 658   +174

    Makes you wonder why companies need all the information in the first place.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...