After delaying notification so as not to interfere with criminal investigation, GreenSlate makes notification of data breach
GreenSlate is notifying employees of some of its clients about a breach involving a rogue Canadian employee.
According to their notification template submitted to the California Attorney General’s Office, on December 22, 2021, the firm’s security team detected that between December 10 and December 15, 2021, an employee in Canada had downloaded scanned paperwork and certain electronic records containing personal information of some of their clients’ employees.
On December 23, 2021, GreenSlate retained firms to investigate the breach and coordinate with authorities. The same day, they contacted the FBI, the Royal Canadian Mounted Police, and the Toronto Police Service.
On March 1, 2022, Toronto Police Service arrested the former employee, freeing GreenSlate to make notifications without interfering with the law enforcement actions. GreenSlate notes that the now-former employee’s pre-hire background check had not revealed any criminal history or concerns.
The affected individuals’ personal information varied by document but may have included their name, date of birth, Social Security Number, Social Insurance Number, work authorization papers, and direct deposit bank account information. The notification template does not indicate how many people had their information stolen by the employee.
GreenSlate is offering those affected identity monitoring services for 24 months
provided by Kroll.