Reading the article, i don't see how it "has been lost by the firm.". It says it only [I]appeared [/I]to come from that person, not that it actually did.
So is this a case of them receiving a fake email, thinking it's from their boss when it wasn't, then suing their boss for something they had nothing to do with anyway, or have i got it wrong?
[QUOTE=nightlord;51039021]Reading the article, i don't see how it "has been lost by the firm.". It says it only [I]appeared [/I]to come from that person, not that it actually did.
So is this a case of them receiving a fake email, thinking it's from their boss when it wasn't, then suing their boss for something they had nothing to do with anyway, or have i got it wrong?[/QUOTE]
sounds more like, because an employee of the company was fooled by a phishing scam, the company as a whole is responsible for the breach of confidential information
it's akin to a negligence suit, and is against the company and not their literal human boss
you would be right to sue your banking company if its employees gave out your SSN and other data, no matter whether it was a purposefully malicious act or not; the company is the responsible entity who needs to pay for damages or pay for identity theft prevention plans for the affected
[editline]12th September 2016[/editline]
reading the article, it sounds like Seagate is being a real piece of shit about it
at my old job, we'd get blatant spam mail that appeared to be sent directly from other employees, but they had never opened phishing emails before, and our IT guy confirmed none of the mails were coming from our servers. I assume there's a way to spoof who an email came from? Could easily have been that kind of situation, and it was intentionally done with the boss's mail.
The lawsuit won't get anywhere if they can prove the boss never sent the initial mail. It's negligence on part of the employees who fell for it, and while it's tragic, it's not their company's fault.
[QUOTE=bitches;51039067]reading the article, it sounds like Seagate is being a real piece of shit about it[/QUOTE]
reading the article I'm only seeing that the company is trying to get this dismissed, which is totally possible if my theory is anywhere near the truth
[QUOTE=dai;51039082]at my old job, we'd get blatant spam mail that appeared to be sent directly from other employees, but they had never opened phishing emails before, and our IT guy confirmed none of the mails were coming from our servers. I assume there's a way to spoof who an email came from? Could easily have been that kind of situation, and it was intentionally done with the boss's mail.
The lawsuit won't get anywhere if they can prove the boss never sent the initial mail. It's negligence on part of the employees who fell for it, and while it's tragic, it's not their company's fault.
reading the article I'm only seeing that the company is trying to get this dismissed, which is totally possible if my theory is anywhere near the truth[/QUOTE]
so you think you shouldn't be able to sue a company for financial damages when they don't take steps to ensure your financial information is transferred only under legit circumstances?
you'd be okay with suffering financial losses due to a company's negligence?
[QUOTE=bitches;51039099]so you think you shouldn't be able to sue a company for financial damages when they don't take steps to ensure your financial information is transferred only under legit circumstances?
you'd be okay with suffering financial losses due to a company's negligence?[/QUOTE]
If a spammer sends a fake email that looks like it's from a certain person but it's not, how is that person negligent?
Re-reading the article though, it sounds like it's the company itself that sent the reply with the information, rather than the individuals responding to the email. So in that case it would be.
[QUOTE=bitches;51039099]so you think you shouldn't be able to sue a company for financial damages when they don't take steps to ensure your financial information is transferred only under legit circumstances?
you'd be okay with suffering financial losses due to a company's negligence?[/QUOTE]
it's literally spam email using someone's name. I've received spam mail from my own email both at work and on my personal domain, neither of which came from my account.
If the company never received that spam letter before and added keywords to their spam filter (since if it was the type of sender spoofing I mentioned, they can't exactly block their own email domain as a spam source), there's no way the company would have any control over the actions of employees on a first time incident like that.
The company is not responsible for stupidity, as pitiful as the situation is.
You never send your soc number on request over email or chat or web forms. Nobody will randomly ask you to resubmit it at an employer, it's part of the system and they should have it written down five ways to sunday in their paperwork, and if they don't, you're probably a fresh hire and have a stack of forms to fill that information out on and hand directly to your accounting person.
[QUOTE=nightlord;51039135]Re-reading the article though, it sounds like it's the company itself that sent the reply with the information, rather than the individuals responding to the email. So in that case it would be.[/QUOTE]
[quote]The data, including names, addresses and social security numbers, was sent out in response to a phishing email.
-
It argued that it could not be held responsible for harm caused by the unforeseen actions of criminals, that the claims were based on "allegations" rather than facts and that there was no evidence of negligence [B]by Seagate[/B] leading to financial loss by some employees.[/quote]
I think the sequence is:
""boss"" sends a bunch of employees phishing mail
some employees take the bait, send information to the requested location (likely an official-looking site or fake 'send to X address' email added to the phish
seagate was not a part of this transaction and is not liable.
[QUOTE=dai;51039145]""boss"" sends a bunch of employees phishing mail
some employees take the bait, send information to the requested location (likely an official-looking site or fake 'send to X address' email added to the phish
seagate was not a part of this transaction and is not liable.[/QUOTE]
employees of seagate are seagate while on the job and therefore make seagate liable
i think the argument here is whether it was the affected employee sending their own data, or a different employee sending the affected's data
snop
[editline]e[/editline]
It's also understandable that their lawyers would advise they do this even if it's 100% their own faults, because it's far more likely to get some small settlements from the firm. It's unlikely they're going to find the fraudster(s) responsible for the direct damages to their bank accounts and other identity ruination, and it's their only chance to recoup some of the losses.
dai
you are incorrect
follow the article source trail:
[quote]A Seagate employee was fooled by an email that masqueraded as an internal memo from the CEO: the message requested people's W-2 forms, and the worker duly handed over the paperwork to fraudsters thinking the request was legit.
The forms include colleagues' social security numbers, income figures, work and home addresses, and other data useful to identity thieves. Anyone who worked at Seagate at any point in 2015 will have had their details leaked.[/quote]
one single employee handed out other employees' data
the company is responsible for that employee's actions
[i]man[/i] I got lost, sorry
imagine being that guy in this situation, he'll be lucky if he's only fired. While the blame rests solely on one twit's mistake, it's not surprising the company wants to sidestep its responsibility on behalf of his actions. There should be better procedures/training in place to ensure company and employee-sensitive documentation stays secure
Sorry, you need to Log In to post a reply to this thread.