On March 8, 2017, Schurman Retail Group (SRG), owner of Papyrus, American Greetings, and Carlton Cards, discovered they were the victim of an email spoofing attack. The attack occurred on January 18, 2017, by an individual pretending to be the company’s Chief Financial Officer. The hacker sent an email requesting all copies of SRG employee Form W-2 information for 2016. Copies of all 2016 W-2 forms for Papyrus, American Greetings, and Carlton Cards employees were provided to the hacker before the company discovered that the request was fraudulent.

Read the Notice SRG sent to Employees

What information was compromised?

A file that included a copy of each of employee W-2 form from 2016 was sent in response to the fraudulent email. An IRS Tax Form W-2 includes the following information:

  1. Employee Name
  2. Employee Address
  3. Employee Social Security Number
  4. Employee wage information


The Hannon Law Firm can help if your personal, confidential information has been breached by hackers. The Hannon Law Firm is currently serving as liaison counsel in the National Chipotle Data Breach class action. HLF filed the only class action against Equifax in the State of Colorado for the breach of 143 million American’s personal information. We proudly serve clients nationally.

If you believe you’ve been affected by the Schurman Retail Group (Papyrus, American Greetings, and Carlton Cards) data breach, we are here to help. You can call our office at 303-861-8800 or fill out the form below.

More than 200 Companies Compromised Employee W-2 Information in 2017 – See the List Here