Boston-based Ember Corporation is notifying 50 current and former employees of a possible breach after a package shipped by its payroll provider, Ceridian, via FedEx appeared to have been tampered with during shipment.
In a notification to the New Hampshire Attorney General’s Office, Ember’s counsel indicated that the package arrived on January 10 but two corners of the package, sealed with clear packing tape, were opened and the contents appeared wrinkled.
The package contained individual W-2 forms for current and some former employees, each in their own envelope, and a summary form for the employer that was not in its own envelope. Although all of the individual W-2 forms appeared intact, the summary forms were “wrinkled, out of order, and had been tampered with.”
Cynthia Larose of Ember’s law firm, Mintz Levin, reported that FedEx would neither take any responsibility nor assist in the investigation.
Ceridian also denied responsibility but offered to provide free credit monitoring services through Equifax. The offer was considered inadequate for a variety of reasons and Ember contracted with Debix to provide services for its employees. They also reported the incident to the police.
This really seems like a situation in which “abundance of caution” might actually be appropriate as there is no clear evidence of a breach, but since no one could satisfactorily explain the out-of-order and wrinkled summary forms, the company decided to err on the side of caution.