Tax season is upon us, and it looks like if you want to get the W2-form information of thousands of Seagate employees, past and present, all you have to do is email and ask for it. A company spokesperson, Eric DeRitis, confirmed the occurrence of such an event by suggesting that on March 1st, a Seagate employee released 2015 W2 info to someone believed to be acting in official capacity for the storage-minded outfit. This is quite similar to what had happened with Snapchat recently.

On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former U.S.-based employees was sent to an unauthorized third party in response to the phishing email scam,” DeRitis said. “The information was sent by an employee who believed the phishing email was a legitimate internal company request.

When we learned about it, we immediately notified federal authorities who are now actively investigating it. We deeply regret this mistake and we offer our sincerest apologies to everyone affected. Seagate is aggressively analyzing where process changes are needed and we will implement those changes as quickly as we can,” he further added.

DeRitis was more specific when he was asked in particular about the number of employees who were affected by this scam by stating,

We’re not giving that out publicly — only to federal law enforcement. It’s accurate to say several thousand. But less 10,000 by a good amount.

Fraudsters who perpetrate tax refund fraud prize [this] information because it contains virtually all of the data one would need to fraudulently file someone’s taxes and request a large refund in their name,” cyber security expert Brian Krebs, who first wrote about the data theft at Seagate, mentioned in a blog post that was published on Sunday.

Last year, the Internal Revenue Service predicted tax-return fraud would hit $21 billion by 2016. It now definitely looks like this will fall under that forecast.