This Tech Company Gave Its Employee Tax Forms to Hackers

March 7, 2016, 10:05 PM UTC
Lawmakers Trying To Avert Fiscal Cliff To Prevent Short-Term Shock To The Economy
W-2 wage and tax statement forms are arranged for a photograph in Washington, D.C., U.S., on Tuesday, Nov. 20, 2012. President Barack Obama expressed confidence that he and Congress would reach an agreement that will avoid the automatic spending cuts and tax increases that are scheduled to occur at the end of the year. The fiscal cliff is the $607 billion combination of automatic spending cuts and tax increases scheduled to take effect in January. Lawmakers are trying to avert the cliff to prevent a short-term shock to the economy and reach an agreement on long-term deficit reduction. Photographer: Andrew Harrer/Bloomberg via Getty Images
Andrew Harrer—Bloomberg via Getty Images

Someone at storage giant Seagate (STX) fell victim to an email phishing scam.

The scammers made off with the 2015 W-2 tax forms for current and former U.S.-based employees on March 1, the company confirmed in a statement. The attackers tricked a staffer into believing their inquiry was a “legitimate company request,” a spokesperson told Fortune.

Subscribe to Data Sheet, Fortune’s technology newsletter.

The forms contained names, Social Security numbers, wage information, and more data on some portion of the company’s 52,200-person workforce. “We’re not giving [the number of people affected] out publicly—only to federal law enforcement,” Seagate spokesperson Eric DeRitis told Brian Krebs, the independent cybersecurity reporter who first broke the news on his website. “It’s accurate to say several thousand. But less 10,000 by a good amount.”

A popular scam among identity thieves involves filing tax refund forms and fraudulently collecting the rebate using stolen personal records. Seagate said it had alerted the U.S. Internal Revenue Service of the issue.

For more on tax refund fraud, watch:

“The IRS informed us they have added extra scrutiny to our employees’ accounts in order to prevent fraudulent tax returns from being processed,” the company said. “At this point we have no information to suggest that employee data has been misused, but caution and vigilance are in order.”

Seagate said it is offering two years of free credit monitoring to affected employees from the credit monitoring firm Experian (EXPGY), though it’s worth noting that the protection does not defend against tax refund fraud. The storage giant also said it is “aggressively analyzing where process changes are needed” and that it “will implement those changes as quickly as we can.”

Read more: “How to Keep Hackers From Stealing Your Tax Refund”

A similar attack recently struck Snapchat and Mansueto Ventures, publisher of magazines Inc. and Fast Company. The IRS has repeatedly upped its estimates for the number of taxpayers victimized in similar tax refund rackets—now 724,000 people—though those attacks from last year also involved extracting information from a buggy “get transcript” tool on the agency’s website.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward