Sorenson Communications notifying employees after breach at payroll vendor’s

I’ve recently seen a number of reported breaches involving unnamed payroll vendor(s). I wish notification letters would name the breached vendor(s) so we’d know if it’s the same vendor or if a bunch of payroll vendors have recently been successfully attacked.

Today’s report is from Sorenson Communications, who notified U.S. Sorenson Communications and [email protected] employees that information stored in their Human Resources account was subject to unauthorized access:

On  March 7, 2014 we determined that  between February 20 and  March 3, 2014, Sorenson’s account with  the vendor that handles  payroll for Sorenson  Communications and [email protected] employees was subject to several malicious attacks. Those attacks successfully accessed personal information that  employees provided as  part of their HR data. The  personal information accessed affects  you as  well as  your beneficiaries, dependents, and emergency contacts- those  listed in your Sorenson HR account. Accessed information  included name,  date of birth, address, Sorenson  income history, Social  Security Numbers,W-2 information, and emergency  contact data.

You can read the full notification letter of March 21 on the Vermont Attorney General’s web site (pdf). Those affected have been offered credit monitoring.

Update: A similar report was filed with New Hampshire, where 13 residents were affected.

About the author: Dissent