Cyber Incident Victim: Seagate
Date:
Feb 2016
Location:
United States of America
Summary
A phishing attack targeted a major data storage firm, tricking an employee into disclosing W-2 tax forms for all current and former U.S.-based personnel. The fraudulent email, masquerading as a legitimate internal request, led to unauthorized exposure of sensitive data including Social Security numbers and salaries. Federal authorities were notified immediately, and the organization acknowledged the error while initiating process reviews to prevent recurrence. The breach impacted several thousand individuals, though fewer than 10,000, heightening risks of tax refund fraud due to the comprehensive personal information involved. This incident mirrored similar attacks on other companies, underscoring widespread threats to HR and finance departments from such social engineering schemes.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 1, 2016, Seagate Technology discovered that an employee had fallen victim to a phishing email scam, resulting in the unauthorized disclosure of 2015 W-2 tax forms for all current and former U.S.-based employees. The phishing email, which impersonated a legitimate internal company request—potentially spoofing a high-level executive such as the CEO—tricked a staff member into transmitting the sensitive documents to a malicious third party. W-2 forms contain highly confidential information, including Social Security numbers, salaries, and other personal identifiers, making them a prime target for criminals engaged in tax refund fraud. Seagate confirmed the incident after being alerted by KrebsOnSecurity, which had received documentation from a former employee. Company spokesperson Eric DeRitis acknowledged the breach, attributing it to an employee who acted under the belief that the request was authentic. Upon discovery, Seagate immediately notified federal law enforcement agencies, which initiated an active investigation. The company expressed regret for the incident and issued public apologies to affected individuals while committing to analyze and implement process improvements to prevent recurrence.
The breach impacted "several thousand" current and former employees, though Seagate declined to disclose exact figures publicly, stating only that the number was "less than 10,000 by a good amount." Exfiltrated data provided fraudsters with sufficient information to file fraudulent tax returns in victims' names, a prevalent threat highlighted by the Federal Trade Commission’s report of a 50% surge in identity theft complaints linked to tax refund fraud in 2015. This incident mirrored broader trends, including a 2015 breach where scammers stole W-2 data for 330,000 individuals from the IRS and contemporaneous attacks on companies like Snapchat and GCI. Seagate’s response focused on regulatory compliance and internal process reviews, though no technical containment measures or system compromises were detailed in available reports. The company did not disclose whether affected employees received credit monitoring or other remediation services. Financial penalties or operational disruptions beyond reputational harm were not quantified in the source material.