Personal information of Sprouts Farmers Market employees was compromised last week after the company was hit with a phishing scam, according to reports.
An employee in the company's payroll department at its Arizona headquarters responded to an email from a supposed senior company executive, and provided 2015 W-2 statements at the scammer's request.
An investigation by the FBI and IRS is underway; Sprouts did not disclose how many of its more than 21,000 employees were affected by the breach.
“In general, whenever a request is received to send sensitive personal information outside of regular business processes, it is always a good idea to validate the request through a separate channel such as via telephone," said Craig Young, computer security researcher at cyber security company Tripwire.
"E-mail based scams, and in particular spoofed wire transfer requests, have become a huge problem for businesses around the world. Having employees trained at recognizing fraudulent email is an important step to combating scams," Young added.
At press time, Sprouts had not responded to PG's request for comment.