The retailer reported that an employee fell for a phishing scam, allowing malicious actors to access shared drives.