RICHMOND, Va. (WRIC) — Ellwood Thompson’s Local Market employees’ personal information was recently divulged in a phishing scam.
According to a document sent to employees, about 360 current and former employees were impacted by the breach.
The document said that employee’s W-2’s were accidentally sent to an unknown source providing details including employee’s names, addresses, phone numbers, social security numbers as well as their earnings and other financial information.
This same document said that the employees’ W-2 forms were inadvertently disclosed after an employee received an email which they thought was from the owner and CEO fo the company. As a result, the employee complied with the request and sent copies of the W-2 forms of the store’s employees in Richmond and Rockville, Maryland.
Shortly thereafter, the employee received another email which led them to question the validity of the first email. After forwarding the email to other managers, the company determined that the emails were fake and as a result, the scam was discovered. Shortly thereafter, legal counsel and federal law enforcement were informed.
According to a statement made by Ellwood Thompson’s the small business immediately notified employees and legal counsel and began working with all parties to respond to the incident once they had figured out what had happened.
The business said in a statement that they are providing free credit monitoring and identity theft protection to all current and former employees affected by the breach.
When asked for comment, Ellwood Thompson’s gave the following response:
“Ellwood Thompson’s recently fell victim to a phishing scam that resulted in the inadvertent disclosure of internal personnel information. As a small, locally owned and independently operated business, we are committed to our employees and our customers. The moment we became aware of this issue, we immediately notified affected employees and legal counsel, and began working with all parties to respond to this incident.
We immediately notified the proper authorities, and are holding storewide meetings to inform our staff and address questions regarding the incident. Ellwood Thompson’s is taking every appropriate action to resolve this incident as quickly as possible. In addition, we are providing free credit monitoring and identity theft protection for one year to all current and former employees affected by this breach.
Elwood Thompson’s is deeply committed to our employees. Accordingly, we recently became a Benefit Corp., joining a small group of companies leading the way to hold for-profit corporations accountable to social consciousness and environmental responsibility. This is a legal designation that enables mission-driven companies like Ellwood’s to stay mission driven and do its best to serve genuine human needs. In recent years, we also have introduced a higher minimum wage, free health insurance, a profit-sharing program, a 401K plan and maintain a positive work environment to better serve our employees and customers.
We have no reason to believe any customer information has been breached.”
The company also said that they have no reason to believe any customer information was breached in the incident.
Below is a copy of the letter that a current Ellwood Thompson’s employee provided:
Ellwood Thompson’s Security Breach
Ellwood Thompson’s Security Breach x