Many of you may remember the previous post regarding the phishing attack at Seagate, where an employee, responding to a phishing email that claimed to be from the CEO, forwarded the W-2 ‘and other data’ to an attacker. According to this article from the Inquirer, a number of affected employees have now filed a class action lawsuit in the Northern California District Court accusing Seagate of “…malpractice and a lack of regard for employees through negligent data management…”. According to the article, Seagate seems to be planning to dispute its culpability despite an email from its CFO after the breach saying that it “was caused by human error and lack of vigilance, and could have been prevented”. Regardless of where this lands, it’s an excellent opportunity to highlight a couple of things.
- When it comes to ways to get ‘inside’ an organization, Social Engineering is still king.
- Despite the technical controls in place, an employee who is unsure of policies and procedures for handling sensitive information is all an attacker needs.
- The cost of a breach exceeds the immediate cost of remediation and can (and will) have a butterfly effect throughout the organization.