Score one more for online miscreants as another tech company falls victim to a tax-related phishing scam.
Hackers have been out in full force this tax season, and Seagate is the latest major tech company to fall victim to a targeted phishing scam.
The Cupertino, Calif. data storage company revealed to security researcher Brian Krebs that online miscreants last week tricked one of its employees into handing over W-2 forms for all its current and past employees.
The W-2 documents, of course, contained employee Social Security numbers, salaries, addresses, and other personal information.
The incident occurred on March 2, when phishers sent a Seagate employee what appeared to be a legitimate internal company note requesting the W-2 forms.
The employee obliged, inadvertently sending the information to hackers.
Seagate notified federal authorities about the phishing attack, and is now offering affected employees a two-year membership for credit monitoring services, though as Krebs pointed out, that will not protect them from tax refund fraud.
“We deeply regret this mistake and we offer our sincerest apologies to everyone affected,” the company said. “Seagate is aggressively analyzing where process changes are needed and we will implement those changes as quickly as we can.”
The news comes as Snapchat just last week issued a mea culpa to its employees after revealing that one of its staffers also fell for a phishing scam and “revealed some payroll information” to hackers. Word has it Fast Company is also a victim.
Meanwhile, the IRS has temporarily suspended its Identity Protection PIN tool, which allows taxpayers to retrieve their IP PINs online, and is “looking at further strengthening its security features.”
An IP PIN is a “six-digit number that provides an additional layer of protection for taxpayers who have been or could become victims of tax-related identity theft,” the IRS explained.
Taxpayers using an IP PIN can find more information about the change here.
The move comes after the IRS last month announced that hackers attempted to use some 464,000 stolen Social Security numbers and an automated bot to generate E-file PINs, which can be used to electronically file a tax return.