What's the price for flinging your workers' private info at crooks? For Seagate, it's $6m
That was one expensive email for the storage specialist
Seagate will cough up $5.75m to settle a lawsuit brought after its bungling staff accidentally handed over employees' sensitive information to fraudsters.
The storage giant told [PDF] the California Northern US District Court this week that it is willing to cover the cost of identity protection services as a result of that privacy cockup: specifically, it'll pay up to $3,500 for each of the 12,000 employees whose data was leaked in a 2016 phishing attack.
The settlement, submitted to Judge Richard Seeborg, also includes Seagate paying for insurance coverage totaling around $42m for the costs the workers might incur from identity theft resulting from the attack – which has already been linked to a string of fake tax return scams.
The deal would put to rest the claims that the company was criminally negligent and in violation of California competition laws when, in 2016, one of its workers was duped by a phishing email and handed over the W-2 forms of everyone who had worked for the biz in the previous calendar year.
"Almost immediately, the cybercriminals exploited Seagate's wrongful actions and filed fraudulent federal and state tax returns in the names of the employees," the complaint [PDF] alleges.
"Some employees have learned that the cybercriminals filed fraudulent joint tax returns, using not only the employee's social security number, but also the employee's spouse's social security number."
Six named employees – Everett Castillo, Linda Castillo, Nicholas Dattoma, Freda Lang, Wendy Tran and Steven Wilk – filed suit on behalf of all the workers whose personal info, including social security numbers, was leaked.
In filing for the settlement, attorneys for the plaintiffs say that the $5.75m is likely more than they would have been awarded had they taken the case to trial. The payout would not only cover two years of identity theft services from credit reporting and financial services conglomerate Experian, but also any other expenses the workers incurred when they had to clear their names for the fake tax returns. ®
Sponsored: Becoming a Pragmatic Security Leader