Ah Seagate the Gift that keeps on giving!
https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/
12 replies (most recent on top)
Any information on how to get involved in the class action suit?
As someone who had a fraudulent tax return filed as a result of Seagate's screw up, I can tell you the amount of time I've had to spend dealing with this is becoming overwhelming. The call center is absolutely no help whatsoever and the best I get from the Experian people is them telling me to call someone else. The company has not done nearly enough and is clearly not concerned with the impact this is having on their employees. Its disgraceful.
I do not think that the phishing scam story being circulated by management is what really happened. Employee personal records and W2 data is usually in secure databases and not in an excel file that can simply be emailed to Luczo, as the corporation purports it to be. We have not seen the full truth come out of this yet. Repercussions caused by negligence to those affected extend well beyond 2 years.
The internal company messages to current employees described the issue as leaked W-2 information due to an email phishing scan and advised employees of the possibility of tax filing fraud, indicated a concern over tax filing fraud that had already occurred which may have been related, and recommended that employees file taxes early. The letter received by ex-employees (received a full 2 weeks after the leak) described only an "incident" involving personal information and then described the free credit monitoring offer in significant detail. Without reading public news reports or hearing about the scope of the issue informally via current employees, ex-employees are unaware of what exactly was leaked and of the need to be vigilant about tax filing. Why are ex-employees underinformed, is it ignorance or negligence?
http://www.4classaction.com/blog/2016/03/08/fbfg-investigating-potential-class-action-relating-seagate-data-breach
I'm in for a lawsuit too. IRS agent told me the next few years are going to be difficult with the amount of information they got their hands on.
i too up for lawsuit.
i am contacting attorneys in regards to as-yet unrealized damages.
Consider, that 2 years of credit report protection does nothing to protect you from:
Identity fraud considering employment, someone could use your SSN to gain employment.
could use your identity to get medical treatment. in the coming (more that the 2) years could use your identity to file amended taxes, it is highly probable that they could procure bank account access.
the repercussions will extend for far more than the paltry 2 years.
depending on the actual file information provided, they could have your direct deposit information.
we as a group will have damages extending far beyond 2 years all of our information is out in the wild--- forever.
When will the people responsible be promoted so they can heroically fix the problem they created?
I am up for class action suit.
Embarrassing for this to happen to a company in the business of protecting data.
The cost of this error will just lead to even more layoffs unfortunately.
Why would HR/payroll be emailing "personal confidential" documents around in the first place? Wasn't this kind of information one of those "special handling" categories that were drilled into employees' heads? Also, isn't a secure document transfer system used for exchanging this kind of sensitive material en masse -- not email? Something seems not right about the transfer procedure. Are there laws governing the procedure?
Also, the company uses google for their email. I'm percolating a theory... The google email interface that I recall using while at the company made it difficult to see where any given message originated from (it was difficult to see the "message headers"). With the google mail interface it took a determined effort to check the origination of any suspicious-looking name-spoofed email. I have a feeling that the google mail interface facilitated this screwup.
Is there grounds for a lawsuit in this? For the executive decision leading to implementation of an email system that facilitates this kind of disaster, or for allowing personal confidential information to be emailed around as a standard operating procedure.