Sensitive employee information at Ellwood Thompson's breached in scam

Sensitive employee information at Ellwood Thompson's breached in scam
By Kelly Avellino | February 23, 2017 at 6:47 PM EST - Updated August 12 at 5:25 PM

RICHMOND, VA (WWBT) - More than 350 employees at Ellwood Thompson's specialty grocery store have fallen victim to a phishing scam, where their sensitive identity information has been compromised.

Management at Ellwood Thompson's confirmed Thursday that a human resources employee was deceived by an email, requesting the W2 forms for employees. The worker believed the store's owner was behind that email.

The email was, however, a scam. That worker released the W2 forms for all 2016 employees at the stores in Richmond and in Maryland, according to a letter sent to employees.

Concerned Ellwood Thompson's employees reach out to NBC12, after learning the personal data compromised included their name, address, phone number, social security number, and earnings and related financial information.

Ellwood Thompson's management says they have reported the breach to the proper authorities. They're also meeting with employees and are providing all staff members with a year of free credit monitoring.

Ellwood Thompson's employees say they'd like a much longer subscription to identification and credit protection, or a cash settlement to pay for that protection in future years.

Attorney Ian Vance, with the Consumer Law Group in Richmond, says anyone who thinks their sensitive information has been breached must take action immediately. Acting now will help you build a case, if scammers strike in the future.

"Whereas if you waited five years…you've got a harder argument to make," said Vance. "You don't want to play the wait-and-see game, to see if you are harmed. You should be preventative and take these measures beforehand to show that you've done everything on your end to prevent any breach happening in the future, or any account or money being taken."

Vance suggests immediately requesting a credit report to monitor any activity in your name. Consider changing all your accounts and passwords. File a report with the Federal Trade Commission, and put a fraud alert on your credit report so lenders will beware of someone else trying to use your information.

Ellwood Thompson's released this statement:

Ellwood Thompson's recently fell victim to a phishing scam that resulted in the inadvertent disclosure of internal personnel information. As a small, locally owned and independently operated business, we are committed to our employees and our customers. The moment we became aware of this issue, we immediately notified affected employees and legal counsel, and began working with all parties to respond to this incident.

Copyright 2017 WWBT NBC12. All rights reserved

Report an Error or Submit a Tip to NBC12