Correction: A previous version of this article said all current and former employees were impacted in the phishing scam. According to reports, only U.S.-based employees were affected.
Dive Brief:
- On March 1, Seagate Technology, a data storage company, released tax documents of all its current and former U.S.-based employees in a phishing scam, according to a report from KrebsOnSecurity.
- A company employee released the 2015 W-2 forms, which include Social Security numbers, salaries and personal information of employees. Among other things, thieves can use that information to submit fraudulent tax returns, according to KrebsOnSecurity.
- A Seagate spokesman confirmed the phishing scam and said the company notified federal authorities, which are investigating the incident.
Dive Insight:
Seagate is not alone in falling for a phishing scam. Last week Snapchat revealed that it was also the victim of a phishing scam. An employee released the payroll information to an attacker pretending to be the company's CEO Evan Spiegel.
Seagate did not say exactly how many employees were impacted, but said the W-2 forms of several thousand, but less than 10,000, employees were released.
As KrebsOnSecurity notes, phishing scams are an easy way for fraudsters to get all the necessary information to commit tax fraud. Last year, the W-2 information of more than 330,000 people directly from the IRS. Tax refund fraud accounted for almost 50% of all identity theft complaints last year, according to the Federal Trade Commission.
The IRS has not exactly had an easy go of it in the past year. In February, the agency announced that the number of people affected by an IRS data breach was six times larger than first reported.
