Seagate sued by its employees after HR advisor fell for phishing scam

Employee sent staff's personal details to criminal purporting to be CEO

Seagate, the hardware maker that is best known for its external hard drives, is facing an embarrassing lawsuit from its own employees, after their personal data was sent to cybercriminals.

The information included names, addresses and social security numbers of some of Seagate's US employees, and it was sent out by one of the firm's HR employees who fell for a phishing scam.

The phishing scam or fake message in which cybercriminals extort victims for personal details had appeared to come from the firm's chief executive, Stephen Luczo.

The lawsuit claims that the criminals have already started to use of the confidential data for fraudulent purposes, and accuses Seagate of malpractice and a lack of regard for employees through negligent data management. It says that joint tax returns were filed using an employee's social security number and the employee's spouse's social security number.

Advertisement
Advertisement - Article continues below

This, it said, would only have been possible if Seagate had disclosed more than just the Form W2 data for employees.

"Seagate would have to have disclosed additional information, such as retirement fund or insurance beneficiary information that contained the personally identifiable information (PII) of third parties," said the suit, first seen by The Register.

It goes on to suggest that "no one can know what else the cybercriminals will do with the employees' and third-party victims' PII" and that the victims are now, and for the rest of their lives at a "heightened risk of identify theft".

However, Seagate, which ironically has a suite of products that it claims can act as 'data guardians', doesn't believe that criminals have already used the extracted data, and has therefore filed a motion to dismiss the class action.

"Plaintiffs seek to hold Seagate responsible for harm allegedly caused by third-party criminals," said Seagate. "But Plaintiffs cannot state a claim based solely on the allegation that an unfortunate, unforeseen event occurred. They must actually allege facts that show they are entitled to relief from Seagate."

However, the employees are persevering for a full jury trial and if Seagate's motion to throw out the suit fails, a trial date is likely to be set for later this year.

The employees' suit references security researcher Brian Krebs' blog, which had warned companies of such phishing scams.

Krebs wrote that as tax season approached, internet scammers were trying to scam organisations by sending false emails, purportedly from the company's CEO, to individuals in the HR and accounting departments and asking for copies of Form W2 data. Krebs' article may be used as part of the potential trial.

In a statement sent to IT Pro, Seagate said it "does not comment on active litigation".

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far/page/0/1
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far/page/0/2
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019