Every Scotty’s Brewhouse employee affected by data breach; scammer gets copy of all W-2 forms
INDIANAPOLIS, Ind.– Officials at Scotty’s Brewhouse are working to inform thousands of employees across the company about an email data breach, leaking employees’ W-2 forms to an unknown suspect.
Company officials called IMPD Monday afternoon to report the breach, which apparently resulted from an email phishing scam.
According to the police report, an individual posing as company CEO Scott Wise sent an email to a payroll account employee. The email requested the employee to send all 4,000 employees W-2 forms in PDF form.
Chris Martin, director of HR/Payroll for the company, told police the email did not really come from Wise. However, the payroll account employee did email all 4,000 W-2 forms to the unknown individual.
The report says Martin contacted the IRS to inform the agency of the breach. The IRS recommended Martin also file a report with IMPD.
Scotty’s Brewhouse officials are now in the process of informing all employees, and providing them with precautionary measures to take in order to protect their financial and personal information. The company says it will offer one year of credit monitoring at no cost to employees, in addition to providing information regarding available resources for its employees to monitor their credit.
Scotty’s says no customer information was obtained during the phishing scam. The company is working with law enforcement and the credit bureaus to limit any potential misuse of the information that was obtained and to identify and apprehend the scammers.
Scott Wise, CEO of Scotty’s Holdings, LLC, issued the following statement:
“Unfortunately, Scotty’s was the target of and fell victim to scammers, as so many other companies have,” said Wise. “Scotty’s employees and customers are of tremendous importance to the company and Scotty’s regrets any inconvenience to its employees that may result from this scamming incident. Scotty’s will continue to work with federal and local law enforcement, the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice.”
The incident appears to match the description of an email phishing scheme the IRS issued warnings about last year. This scheme involves scammers posing as company executives to request financial and personal information on employees.
The IRS has online tutorials on the proper steps to take if you have become the victim of identity theft or your personal information has been leaked. Those steps can be found here.