RICHMOND, Va. – Employees at Ellwood Thompson’s Local Market were notified that the business was recently phished by an individual posing as the company founder, and private information compromised. The personal information may include name, address, phone number, social security and financial earnings information.
A spokesman for the company said that as soon as they became aware of the issue, employees and legal counsel were notified.
A former employee who wished not to be identified said they were notified a scammer was able to get W2 information by posing as the owner of the store.
The notice of data breach allegedly sent to employees was shared with CBS 6. That notice claimed 360 former and current employees were affected in the breach, from both the Carytown and Rockville, Maryland stores.
The phishing scam reportedly occurred Feb. 3, when a representative thought they received an email request from founder Richard Hood, requesting employee W-2 forms. Another phishing attempt from someone who identified themselves as Mr. Hood was made on Feb. 9.
The legitimacy of that correspondence was questioned, and the request was forwarded to other managers to verify its validity.
"We immediately notified the proper authorities, and are holding storewide meetings to inform our staff and address questions regarding the incident," said Director of Operations, Bart Yablonsky.
Ellwood Thompson’s said that they are providing free credit monitoring and identity theft protection for one year to all current and former employees affected by the situation.
Employees were advised to contact their financial institutions and change their account information, to change passwords, contact the IRS and to keep a close eye on their credit reports for unauthorized activity.
Their full statement is below.
Ellwood Thompson’s recently fell victim to a phishing scam that resulted in the inadvertent disclosure of internal personnel information. As a small, locally owned and independently operated business, we are committed to our employees and our customers. The moment we became aware of this issue, we immediately notified affected employees and legal counsel, and began working with all parties to respond to this incident.
We immediately notified the proper authorities, and are holding storewide meetings to inform our staff and address questions regarding the incident. Ellwood Thompson’s is taking every appropriate action to resolve this incident as quickly as possible. In addition, we are providing free credit monitoring and identity theft protection for one year to all current and former employees affected by this breach.
Ellwood Thompson’s is deeply committed to our employees. Accordingly, we recently became a Benefit Corp., joining a small group of companies leading the way to hold for-profit corporations accountable to social consciousness and environmental responsibility. This is a legal designation that enables mission-driven companies like Ellwood's to stay mission driven and do it's best to serve genuine human needs. In recent years, we also have introduced a higher minimum wage, free health insurance, a profit-sharing program, a 401K plan and maintain a positive work environment to better serve our employees and customers.
We have no reason to believe any customer information has been breached.