Seagate Employee Falls For CEO W-2 Scam, Sends Everyone’s Personal Information

Snapchat isn’t the only technology company that has fallen victim to the tax-season variation on the classic CEO e-mail scam, where a scammer impersonating the boss asks for all employees’ tax information. An employee at hard drive company Seagate fell into the same trap, sending 2015 tax information for thousands of current and former employees to unknown scammers.

Krebs on Security has been following these scams closely, and learned about the breach from a former employee who had worked for Seagate during 2015. Affected people received a letter and an offer of two years of free credit monitoring.

That’s nice and all, but credit monitoring doesn’t prevent identity theft, and it doesn’t prevent the clear goal of this scam: filing bogus tax returns using employees’ information and scooping up their refunds.

A Seagate representative says that somewhere between “several thousand” and 10,000 people who were or are affiliated with the company had their information stolen. What happened was the same scam that we’ve described: the employee received an e-mail that appeared to be from someone within the company who might conceivably have made a request like that.

Affected employees should probably scamper off right now and file their tax returns if they want to ensure that their refunds don’t end up in the wrong hands, the wrong bank account, or the wrong country.

Seagate Phish Exposes All Employee W-2’s [Krebs on Security]