View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 13, 2016

Seagate employees sue company over phishing scam

Company also facing an issue with malware.

By James Nunns

Seagate is being sued by its own staff after personal information was exposed due to a phishing scam.

Earlier in the year a senior HR executive was tricked by a phishing scam that pretended to be the CEO of the company, Stephen Luczo. The scammers requested information such as tax codes, social security numbers, and pay information.

Now, a lawsuit has been filed that alleges that attackers have made use of the confidential data. Seagate is contesting the claims and said that it could not be held responsible for the unforeseen actions of criminals.

The company also argues that there was no evidence of negligence by Seagate that has lead to financial loss by some employees.

Court documents reveal that the thieves have used the stolen information to file joint tax forms and carry out various forms of ID theft. The lawsuit aims to make Seagate pay damages to anyone who has suffered financial loss.

In other bad news for the hardware maker, Sophos researchers say that they have uncovered a malware strain that targets Seagate’s network attached storage (NAS) appliances, turning them into distribution points for cryptocurrency –mining software.

Called Mal/Miner-C, this is a type of malware that is designed to spread by exploiting default login credentials, such as weak and frequently used passwords, to install malicious files, Robert Page, lead penetration tester at Redscan said.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Page said: “The creators of this malware are not specifically targeting Seagate NAS devices but given that these devices are known to have poor default credentials, owners of these devices are particularly vulnerable to attack.”

Mark James, security specialist at ESET, said that to mitigate these attacks the user should review and modify any default passwords in addition to ensuring that the latest firmware and software has been installed. User permissions should also be checked to be as restrictive as they need to be.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU