Think big businesses are the only ones targeted for cyber crime? Think again. Even grocery outlets can be targets of data breaches, as is the case for Sprouts Farmers Market. Store employees are struggling after a data breach stole their personal information, and reports are that the company is doing little to deal with it.

ABC7 reports that Sprouts employees have had their financial information compromised, resulting in stolen tax refunds and fraudulent credit cards opened in their names. The breach began with a phishing scam, which gave cyber criminals access to the W2 statements for all employees – over 20,000 people in total.

Sprouts has declared in a statement that the company is working with the FBI and IRS to investigate. For many employees, however, it’s too late a reaction, with thousands now with their tax refunds gone and their credit and identities at risk.

Phishing scams aimed at W2 forms are at their peak during tax season, and Sprouts Farmers Market is just one of many organizations targeted. With the tax season over, many have found out all too late that someone has stolen their W2 information and filed fraudulent taxes in their names, and the damage can take a long time to repair. And just because tax information is no longer a viable target this year doesn’t mean phishing scams will let up at all, so always be wary and careful with personal information.

For the employees whose personal information was stolen, there are many important steps they can take. The California Office of Privacy Protection’s “Recommended Practices on Notice of Security Breach Involving Personal Information” report lists several steps for responding post-data breach, including monitoring, securing, or even freezing accounts.

Organizations such as Sprouts should contact law enforcement, as it has, and implement additional safeguards, but whether or not it has done that yet has not been disclosed. It does not appear to have offered anything in the way of assistance to its employees whose personal information was put at risk, even basic credit monitoring, so angered employees may consider taking legal action.

Photo by USDAgov