Someone at storage giant Seagate (stx) fell victim to an email phishing scam.
The scammers made off with the 2015 W-2 tax forms for current and former U.S.-based employees on March 1, the company confirmed in a statement. The attackers tricked a staffer into believing their inquiry was a “legitimate company request,” a spokesperson told Fortune.
The forms contained names, Social Security numbers, wage information, and more data on some portion of the company’s 52,200-person workforce. “We’re not giving [the number of people affected] out publicly—only to federal law enforcement,” Seagate spokesperson Eric DeRitis told Brian Krebs, the independent cybersecurity reporter who first broke the news on his website. “It’s accurate to say several thousand. But less than 10,000 by a good amount.”
A popular scam among identity thieves involves filing tax refund forms and fraudulently collecting the rebate using stolen personal records. Seagate said it had alerted the U.S. Internal Revenue Service of the issue.
“The IRS informed us they have added extra scrutiny to our employees’ accounts in order to prevent fraudulent tax returns from being processed,” the company said. “At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order.”
Seagate said it is offering two years of free credit monitoring to affected employees from the credit monitoring firm Experian (expgy), though it’s worth noting that the protection does not defend against tax refund fraud. The storage giant also said it is “aggressively analyzing where process changes are needed” and that it “will implement those changes as quickly as we can.”
A similar attack recently struck Snapchat and Mansueto Ventures, publisher of magazines Inc. and Fast Company. The IRS has repeatedly upped its estimates for the number of taxpayers victimized in similar tax refund rackets—now 724,000 people—though those attacks from last year also involved extracting information from a buggy “get transcript” tool on the agency’s website.