Seagate Sued By Own Staff For Leaking Personal Info To Identity Thieves

Megalith

It was reported in March that someone in Seagate’s HR department fell for a phishing scam and handed employees’ W-2 forms over to hackers. The company is now getting sued but is trying to get the case thrown out, suggesting it was an “unfortunate, unforeseen event.”

The suit claims that the attackers have already begun using the information lifted in the breach. It asks that Seagate be required to pay out damages and fees to a nationwide class of Seagate employees and others named in the pilfered W‑2s. "No one can know what else the cybercriminals will do with the employees' and third-party victims' personally identifiable information. However, the employees and third-party victims are now, and for the rest of their lives will be, at a heightened risk of identity theft," the suit alleges. "Many employees and third-party victims have already suffered out-of-pocket costs attempting to rectify fraudulent tax returns and engaging services to monitor and protect their identity and credit."
 
It being an unfortunate event doesn't mean it absolves them. Also, unforeseen? C'mon. This isn't HR sending out a memo by accident. This is something that can deeply affect people's livelihoods. I hope the case doesn't get thrown out - they deserve to have the book thrown at them for such a major fuckup.
 
Crashing into someone in your car is an “unfortunate, unforeseen event” as well, but the fact that it was an accident and nobody saw it coming doesn't mean it has no repercussions.

At the very least, Seagate needs to buy a few years of credit monitoring for all these people. (and discipline the idiot responsible for the leak)
 
Did Seagate have mandatory security awareness training for the HR dept?
If so, did the training cover current best practices?
Does Seagate have a security policy in place?
If so, does it meet current best practices?
Did HR follow the security policy when they released the information?

If the answer to any of these questions is No, Seagate should be on the hook for long term monitoring and long term liability for full cost of any identity theft related to the data release.
 
University of Maryland College Park admission system was hacked about 3 years back and they stole the names and social security numbers of every student from 1990 onward. As a result UMCP paid for credit alert monitoring for everyone affected for 6 years. Personally I think it should be life.

At the very least Seagate should do the same. The cost per employee is minimal. It's like $12/person/year in bulk purchase from credit monitoring agencies. They spend more than that dealing with @#$#@ off employees taking up HR and legal's time.
 
Any major corporation can fall easy victim to phishing attacks in email that look very legitimate. I can't tell you what security measures the company I work for takes to avoid such things, but the IT here do their best to take it seriously. Unfortunately even with training and multiple security layers we still get hit. As paranoid as I am, even I was infected once when I went online to engineeringtoolbox.com to look up a drop calculation when I wasn't happy with 3rd party engineer's calculations. You would think that to be a safe site, but even they get hacked. (It was embedded in a malicious ad)
 
Yet another reason to hate the HR department.
Every girl/guy I know in HR works their tail off. Most of the time they are dealing with cranky employees who got upset over a lost red swingline. :D
 
Love the reference to one of my favorite movies. :D

Unfortunate? Yes. Unforeseen? Properly trained staff would have caught the scam right off the bat and reported it to IT who would have taken appropriate action to block the threat. Education and training do pay off and are well worth the cost to keep situations like this from occurring in the first place.
 
Not being an HR person, but I sit and try to think of an email that comes from the president of a super large company like "hey send me all the w2s for Everyone in the company"

Then have the HR person not question it. Like, what the hell would he even need that for?

In my opinion all sorts of red flags should be ringing loud and clear when this type of stuff is asked for.
 