I’ve recently seen a number of reported breaches involving unnamed payroll vendor(s). I wish notification letters would name the breached vendor(s) so we’d know if it’s the same vendor or if a bunch of payroll vendors have recently been successfully attacked.
Today’s report is from Sorenson Communications, who notified U.S. Sorenson Communications and CaptionCall@ employees that information stored in their Human Resources account was subject to unauthorized access:
On March 7, 2014 we determined that between February 20 and March 3, 2014, Sorenson’s account with the vendor that handles payroll for Sorenson Communications and CaptionCall@ employees was subject to several malicious attacks. Those attacks successfully accessed personal information that employees provided as part of their HR data. The personal information accessed affects you as well as your beneficiaries, dependents, and emergency contacts- those listed in your Sorenson HR account. Accessed information included name, date of birth, address, Sorenson income history, Social Security Numbers,W-2 information, and emergency contact data.
You can read the full notification letter of March 21 on the Vermont Attorney General’s web site (pdf). Those affected have been offered credit monitoring.
Update: A similar report was filed with New Hampshire, where 13 residents were affected.