On 1 March 2016 an unfortunate soul in Seagate Technology’s Human Resources department fell for a phishing email (hook, line and sinker), and voluntarily offered up sensitive information regarding their employees – effectively throwing data security out the window.
The phishing email, disguised as an internal memo from the CEO, requested employees’ wage and tax statements, and the staff member handed them over to the scammers in good faith, not knowing that it wasn’t a legitimate request from management.
After this unfortunate event, the attackers started using the stolen data in fraud schemes involving the personal information on the tax forms, resulting in financial loss for some employees.
Now, some of the most aggrieved employees are filing a lawsuit against Seagate, alleging that the company was negligent with personal information and didn’t deliver on its data security promise.
It is ironic that a company that prides itself on data security could not follow through on that promise to its own workers and their highly confidential data. This once again proves that anyone can fall victim to cybercrime, and that specialising in data security doesn’t make you immune. The lingering question here is: Is Seagate responsible for this data breach? Should one blame the poor human who (naively) fell for the con?
The last word in that sentence could hint at an answer. Internet charlatans, like the ones behind the spear-phishing email sent to the HR employee, engineer their scams to be as believable as possible. They probably asked very nicely for the forms. And no matter how careful you are, sometimes you fall for it. It’s not something to be embarrassed about; cybercriminals prey on the good, “trusting” nature of human beings.
One thing that Seagate as a company can be held responsible for is the lack of education about cybercrime amongst staff. Unsolicited spam emails and phishing emails have been a major cause of concern for quite some time. There is an abundance of literature and awareness material on the Internet about them.
It is very important to be one step ahead of trending internet deceit, and to keep your employees up to date. One of the most important tasks of an IT and risk manager is to keep an ear to the ground, do research and educate employees so as to make them more vigilant about potential threats. Here are a few tips: