Seagate has fallen for a phishing scam wherein a careless employee has emailed thousands of W-2 tax forms of present and past employees to an online scammer. The incident, which took place on March 1, 2016, happened when an employee received an email that appeared to be an internal company request. The employee complied, and later realised that it was a scam.
Upon discovering the incident, Seagate informed the concerned authorities and sent letters explaining the incident to their employees. This is how the news reached the media, when one of the former Seagate Employees informed Brian Krebs, the tech journalist, who made the incident public.
Since 2015, we have noticed a significant rise in phishing involving tax frauds. For those who are not aware, The W-2 Tax forms, which the phisher received, are used to store important information about how much money an employee is given and other relevant statistics about the salary such as the employee’s Social Security Number, address, and contact information. It also contains a detailed explanation of how much money the company withholds form the employee as tax.
Phishing scams of this nature have, over time, gotten extremely sophisticated and it has become more difficult than ever to sort one out from an original email. The electronic digital rights of Seagate, if managed properly, would have prevented a problem of this sort from coming to pass. Then, even after the file had been released to a third party, Seagate would have complete control over what happens to the data, including the power to remotely delete the files.