I’ve recently seen a number of reported breaches involving unnamed payroll vendor(s). I wish notification letters would name the breached vendor(s) so we’d know if it’s the same vendor or if a bunch of payroll vendors have recently been successfully attacked.
Today’s report is from Sorenson Communications, who notified U.S. Sorenson Communications and CaptionCall@ employees that information stored in their Human Resources account was subject to unauthorized access:
On March 7, 2014 we determined that between February 20 and March 3, 2014, Sorenson’s account with the vendor that handles payroll for Sorenson Communications and CaptionCall@ employees was subject to several malicious attacks. Those attacks successfully accessed personal information that employees provided as part of their HR data. The personal information accessed affects you as well as your beneficiaries, dependents, and emergency contacts- those listed in your Sorenson HR account. Accessed information included name, date of birth, address, Sorenson income history, Social Security Numbers,W-2 information, and emergency contact data.
You can read the full notification letter of March 21 on the Vermont Attorney General’s web site (pdf). Those affected have been offered credit monitoring.
Update: A similar report was filed with New Hampshire, where 13 residents were affected.
Four members of my immediate family have been affected by this. It is a nightmare and the criminals acted quickly, even before employees were notified, filing for (and receiving) income tax returns, selling one person’s home in which she lives, and lord knows who else they are tagging, like me, who is surely a next-of-kin. Agencies like Social Security and IRS are unhelpful, unsympathetic, blowing off those affected. What are they to do??? Credit reports are worthless. Sorenson’s is not a rich company, but should employees file a class action suit? What can they do? Their lives are being ruined by this.
If it were me, I’d put a credit freeze on my credit reports, get a copy of the police report Sorenson files, and ask Sorenson to provide credit restoration services – they can go after the payroll vendor to pay for these services, depending on the contract they had with the vendor. Their insurance policy may also cover the costs. But the victims need to be made whole.
And if you do get a copy of the police report, please let me know if it gives the name of the payroll vendor involved.