Yet another security firm charged with safeguarding data has become a victim of a data breach.
An employee at data storage firm Seagate Technology disclosed private employee information after being tricked by a phishing email scam, the company confirmed with CNBC in an emailed statement.
The outlet reported Monday (March 7) that tax information, including Social Security Numbers and salaries, for all of Seagate Technology’s U.S.-based employees was sent to the unauthorized third party behind the scam last week.
“The information was sent by an employee who believed the phishing email was a legitimate internal company request … At this point, we have no information to suggest that employee data has been misused, but caution and vigilance are in order,” the company said in the email message.
The Internal Revenue Service was notified shortly after the company realized the mistake, and an investigation, with the help of federal law enforcement, is ongoing.
“Fraudsters who perpetrate tax refund fraud prize [this] information because it contains virtually all of the data one would need to fraudulently file someone’s taxes and request a large refund in their name,” cybersecurity expert Brian Krebs explained in a blog post over the weekend when he first reported the story.
Scammers have already kept the IRS quite busy this tax season, with the agency’s own computer systems attacked by hackers last month.
IRS officials confirmed the automated attack, aimed at getting information usable for boosting tax refunds. The attack leverages stolen personal data (stolen from elsewhere) to generate E-File PIN numbers. Once those PINs are generated, identity thieves create a false filing and snap up a false refund.
So far, the IRS has identified 464,000 attempts to attain fraudulent E-File PINs. Of those, about a quarter (101,000) were successful in obtaining an E-File PIN.
No personal taxpayer data was taken, and the IRS has notified those whose personal information criminals attempted to use.
Days later, Western Union warned that yet another fake IRS scheme had surfaced.
The company alerted U.S. consumers of a new, nationwide IRS impersonation scam occurring this tax season. The scam involves callers who claim to work for the IRS — including a fake caller ID that backs up its claim — and even provide an IRS ID badge number and a fake name.
The fake IRS representatives tell the victims they owe money to the IRS and ask them to pay using a preloaded debit card or money transfer company. And if the person refuses to cooperate? The scammer is said to then get aggressive, threatening that their driver’s license or passport could be suspended.
“Awareness and education are the best tools we have in the joint fight against fraud,” said Dan Marostica, VP of consumer protection compliance for Western Union. “Scammers try to use good people and financial services companies to steal money. Knowing what to look for is key in identifying warning signs of a scam and then avoiding it.”