back to article Bungling Seagate staffer leaked coworkers' social security numbers, other info to email fraudsters

Storage drive biz Seagate is lousy at keeping its own data safe: it accidentally handed over the crown jewels of its employees' private information to persons unknown. A Seagate employee was fooled by an email that masqueraded as an internal memo from the CEO: the message requested people's W-2 forms, and the worker duly …

  1. Astcuzene

    Seriously! What dumbass at Seagate put another dumbass in charge of personal records?

    Not the worse I heard or saw though, in one company I actually saw, with my own eyes, them take a filing cabinet, unlocked, and placed it In a very dark, very, very well travelled, as in dozens of temps and ex cons every day, full of personnel records of the same nature, along with those personels checking and banking accounts. The person's who made that decision? You guess it, still work for and run that company.

  2. Mark 85 Silver badge

    I'm guessing it was some lowly clerk in HR or Payroll who had access to that info. Probably got fired. It's pity that the firings won't go up the corporate food chain over these types of things as there is obviously no training. And obviously some atmosphere of fear that no one bothered to check with a higher up if this would be kosher.

  3. Stevie

    Bah!

    Where's the link to the leaked video of the dimwit being made to run round the car park in his underwear while his colleagues beat him black and blue with whiffle bats?

  4. kain preacher

    I don';t know what is worse. The fact that suck and idiot had access to that data or the fact that it could be easily emailed out of the company.

  5. cantankerous swineherd

    email: a system in which people can send messages pretending to come from me and which enables me to get messages pretending to come from anyone in the world.

    hopelessly unusable.

  6. David Roberts
    Unhappy

    Corporate culture?

    Perhaps the poor unfortunate who sent the information was regularly shouted at for not responding quickly enough?

    A few instances of "Of course it's from me! Are you too stupid to read an email address?" will override any nebulous security policy which senior execs are far too busy and important to read.

    Followed, of course, by "How could you be so stupid? Of course it wasn't from me!"

    Followed by the poor unfortunate being blamed and fired.

    Or worse, if some commentards have their way.

  7. Eddy Ito

    Couldn't the server set a custom flag indicating that an email originated outside the corporate lan as a means to mitigate such problems? Granted, it still requires people to actually look at it so maybe it wouldn't help in every case.

    1. John Brown (no body) Silver badge

      NO, because the IMPORTANT people ALWAYS enable all the toggle to switches on ALL the flags because THEIR messages are ALWAYS IMPORTANT AND USE LOTS OF CAPS for EMPHASIS.

      One extra flag will go unnoticed in the forest of pre-existing flags.

  8. Kumar2012

    In this day and age when nearly every perimeter device features some sort of DLP capability this should be addressed by technology and not relying on humans not to do stupid things; i.e. PII should not be allowed to leave the network in the first place.

  9. Florida1920
    Big Brother

    He's lucky to be an American

    And not Chinese. They have a rather unforgiving way of dealing with screw-ups like this.

  10. Crazy Operations Guy

    " the firm has given staff two years of credit fraud protection."

    So now the scammers will just hold onto the records for 25 months before using them. I'm pretty sure they were going to do something like that anyway, don't want to alert anyone while the victims are still aware of the breach. I figure that they'd want to wait until everyone forgot about the breach before using the info, especially since its either very difficult or outright impossible to change the data that is listed on the W-2.

  11. Hans 1
    WTF?

    Employee data

    What business would the CEO have with that data, assuming, for one second, that this was a legit email ? Should that data not be protected from anybody in the company, except payroll team, and even then, under supervision?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022