Seagate the hardware manufacturer most well-known for making hard drives for computers is this week facing down a lawsuit launched by some of its own employees after their personal information was handed over in a sophisticated phishing scam.
Information about staff was apparently willingly attached to an email and sent to the scammer by another executive at the company. In fairness to the unlucky sender, the fake message did to all intents and purposes seem like it had originally been sent by Seagate’s own chief executive.
“In order for the cyber criminals to have obtained employees’ spouses’ Social Security numbers, Seagate would have had to have disclosed more than just the Form W-2 data for employees,” the lawsuit alleges. “Seagate would have to have disclosed additional information, such as retirement fund or insurance beneficiary, that contained the personally identifiable information of third parties.”
The staff lawsuit alleges that the personal information given to the scammers, including, names, addresses, and social security numbers was already being used the scammers, an argument that Seagate itself denies. For its part, Seagate lawyers have tried to The company has filed a motion in a California court to dismiss the class action arguing that the employee legal action was currently based purely on allegations and not fact. Seagate also contend that there has been no negligence on their part, and that the firm cannot reasonably be held responsible for the actions of criminals.
However, Seagate management may already have shot itself in the foot, having already admitted that the data loss could have been prevented. The firm’s chief financial officer sent an email to employees after the incident saying the data loss “was caused by human error and lack of vigilance, and could have been prevented.’
Seagate’s own internal response to its employees has sparked criticism from some commentators after it offered a credit monitoring facility to those employees who were affected, as the benefit was already widely available to Seagate employees.
Seagate’s official response so far is that it is up to the complainants to prove Seagate’s negligence on a corporate level as opposed to the failure of any one individual.
If you are concerned about phishing attacks or spam, here is a link to some free software that may help.
And here is the wikipedia definition of phishing