Customers of commercial food service wholesaler Restaurant Depot received phishing emails asking for payment of an (attached) outstanding invoice or else the company would deduct the balance from their accounts.

Some of those recipients began tweeting to the company’s customer service department with one noting that he “finally got through to tell them. They’re aware. It’s pretty big, the breach.”

Another tweeted that the hack apparently tapped personal information.

“You may have received an email that appears to be from us indicating an invoice is due. That email is NOT from us. Please delete it without opening, Restaurant Depot warned on its website. “Please be assured that we are taking steps to find the culprit and will do everything in our power to prevent this from happening in the future.”

Patrick McBride, chief marketing officer at ZeroFox, called the incident “a pretty standard phishing scam and the phishy intent is pretty easy to spot with the poor use of English in the email.” 

McBride said, hackers may have stolen the emails of the targeted accounts from Restaurant Depot, or they may have purchased them “from a legitimate source — there are many database companies for example, that collect competitor information.”