Everybody with an email address will no doubt, at some stage, have received tens or hundreds of suspicious emails seemingly from one source, but actually from online scammers trying to sell you something or attempting to persuade you to log in to an account in order to capture your confidential information. Most of these emails are sent straight to your junk folder or deleted. Unfortunately for the American hardware company Seagate, this caused a lot more damage…
An email sent to Seagate’s HR department, which appeared to be from the company’s Chief Executive, requested the 10,000 employees’ documents containing their names, addresses, income and social security numbers. The email was actually sent by cyber criminals. A class lawsuit has been filed by a number of employees alleging that the information was obtained as a result of negligence and has already been exploited to file tax returns using the data. The employees are seeking damages for having to rectify the tax returns and to “repair their credit and identity”, which they claim now places them at a high risk of identity theft.
Seagate argue that there is insufficient evidence of a misuse of data and confirm they are not liable for unforeseen third party fraud. They have subsequently applied to have the case dismissed.
Protecting staff and client data is essential and it is important that you are aware of your legal obligations in how you hold and safeguard that information. A breach of these obligations can lead to enforcement action being brought against you and/or your business, or in some circumstances, criminal proceedings being brought against you. If you wish to seek advice about how you should be protecting data then Griffin Law would be happy to assist you. Contact us via email or on 01732 525923
Article by Laura Ware, Solicitor, Griffin Law