Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud.
The person was duped by what appeared to be an email from the company's CEO; the scam was pulled off a week after a highly publicized set of warnings about W2 phishing.
Fraudsters who acquire W2s can apply for tax-refunds in their victims' names.
As is common in identity theft cases, Seagate has offered its employees gift certificates for a credit monitoring service.
Credit monitoring services do nothing to prevent or detect tax-refund frauds.
As I noted in last month's warning about W-2 phishing, fraudsters who perpetrate tax refund fraud prize W-2 information because it contains virtually all of the data one would need to fraudulently file someone's taxes and request a large refund in their name. Indeed, scam artists involved in refund fraud stole W-2 information on more than 330,000 people last year directly from the Web site of the Internal Revenue Service (IRS). Scammers last year also massively phished online payroll management account credentials used by corporate HR professionals.
Seagate Phish Exposes All Employee W-2's [Brian Krebs/Krebs on Security]