Seagate sued by its own employees after company falls for phishing scam

[midian182]

Storage manufacturer Seagate is facing a class-action lawsuit brought against it by the company’s own employees. It comes after a senior HR executive was tricked into handed over workers’ personal information in a phishing scam.

Back in March, cybercriminals sent an email to Seagate HR that appeared to originate from company CEO Stephen Luczo. It requested copies of employees’ 2015 W-2 tax forms and other personally identifiable information, which were duly handed over. The documents contained names, social security numbers, income figures and home addresses – a trove of valuable data for identity theft fraudsters.

Nearly 10,000 current and past employee details were sent to the scammers, along with those of any family members and beneficiaries named in the documents.

As noted by The Register, employees filed the lawsuit against Seagate in July, accusing the firm of malpractice and a lack of regard for employees through negligent data management. The suit claims the information was “almost immediately” used to file fraudulent tax forms and for other methods of ID theft.

"In order for the cyber criminals to have obtained employees' spouses' Social Security numbers, Seagate would have had to have disclosed more than just the Form W-2 data for employees," states the complaint.

"Seagate would have to have disclosed additional information, such as retirement fund or insurance beneficiary, that contained the personally identifiable information of third parties."

The lawsuit is requesting a trial by jury for damages and out-of-pocket expenses for employees and third-party victims. Seagate wants the complaint dismissed and has said it’s up to the complainants to prove the company’s negligence. But in an email to employees on March 4, the firm’s CTO allegedly took responsibility for the leak, writing that it “was caused by human error and lack of vigilance, and could have been prevented."

Seagate claims that: "Plaintiffs seek to hold Seagate responsible for harm allegedly caused by third-party criminals. But Plaintiffs cannot state a claim based solely on the allegation that an unfortunate, unforeseen event occurred. They must actually allege facts that show they are entitled to relief from Seagate."

Permalink to story.

https://www.techspot.com/news/66306-seagate-sued-own-employees-after-company-falls-phishing.html

 

[EClyde]

Dumb asses

 

[davislane1]

Dumb asses

They say a sucker is born every minute. This is why I always advise employers to pay close attention to the time of birth on birth certificates/documentation. You must avoid "that" guy.

 

[Skidmarksdeluxe]

Well I guess it's safe to assume that the HR manager is no longer at Seagate, he's/she's more likely to be busy with Walk & Seymour. The dumb cluck.

 

[Skidmarksdeluxe]

Dumb asses

They say a sucker is born every minute. This is why I always advise employers to pay close attention to the time of birth on birth certificates/documentation. You must avoid "that" guy.

I think that's a gross underestimation, more likely one born every 10 seconds.

 

[Adhmuz]

Wow, just wow... You'd think a CEO of a technology related company would have a little more sense in this field, but I guess not, really have to feel bad for the employees who now have all sorts of identity theft related problems.

 

[Uncle Al]

When you consider all the forms and releases a new employee is required to sign before joining a company, the Federal Government should enact a few forms and regulations that the company CEO MUST sign, giving an original copy to every new employee. They could start with the statement that NO employee's private information, medical information, etc. may be shared without the employee's expressed, written consent and such signature or refusal to sign may be used in part in evaluations, evaluations, raises, bonuses, etc. Furthermore it should state that ANY medical provided shall contractually agree that any employee information required for medical coverage be covered the same way and the medical provider may not now or ever sell, give, or allow access to the individuals medical information without the same level of consent.

There is absolutely no reason for any company or provider to be given preferential treatment or allow to use extortionary tactics on any employee, regardless of race, color, creed or sexual orientation ......

 

[davislane1]

Wow, just wow... You'd think a CEO of a technology related company would have a little more sense in this field, but I guess not, really have to feel bad for the employees who now have all sorts of identity theft related problems.

It wasn't the CEO. It was an HR executive.

 

[Kibaruk]

Wow, just wow... You'd think a CEO of a technology related company would have a little more sense in this field, but I guess not, really have to feel bad for the employees who now have all sorts of identity theft related problems.

It wasn't the CEO. It was an HR executive.

Senior executive, the kind that doesn't stop to think why a CEO needs personal records... even if it's the top executives is still fishy.

And even then, a tech industry giant falling for phishing, damn.

 

[davislane1]

Senior executive, the kind that doesn't stop to think why a CEO needs personal records... even if it's the top executives is still fishy.

And even then, a tech industry giant falling for phishing, damn.

If Seagate operates like any of the major companies I am familiar with, the CEO and most of the upper level executives have access to the info databases anyways. First question that should have popped into his or her head ($50 says it was a female exe, btw. Place bets below this comment.) should have been, "Why does he need this?" immediately followed by a confirmation phone call. This is SOP for even low-level retail work when it comes to significant projects.

It also turns out that Seagate is not the only company to be exploited by the scam: http://www.esecurityplanet.com/netw...uts-seagate-breached-by-phishing-attacks.html

 

[MoeJoe]

Oh wow !

Legalized marijuana is actually having an effect in Longmont after all ...

LMAO

 

[Adhmuz]

It wasn't the CEO. It was an HR executive.

Sorry misread that, it had appeared to come from the CEO.

 

[captaincranky]

This is about the 3rd strike for Seagate, isn't it? First they had the, "brick my 1TB drive" debacle. Then they had the, "brick my 3TB HDD" fiasco, and now they've done gone and given away their employee's personal information.

Well, if it was the employees who worked on the 3TB HDD assembly line, IMHO, they had it coming..

 

[lipe123]

Makes you wonder why companies need all the information in the first place.