Cyber Incident Victim: Sorenson Communications

In early 2014, Sorenson Communications and its subsidiary CaptionCall experienced a data breach impacting all Utah-based employees through an attack on an unnamed third-party payroll vendor. Between February 20 and March 3, hackers executed multiple unauthorized intrusions into the vendor's systems, compromising extensive personal employee records. Sorenson discovered the incident on March 7, 2014, and began notifying affected personnel on March 11, with follow-up communications issued on March 21. The compromised data included full names, residential addresses, dates of birth, Social Security numbers, historical income details, W-2 tax forms, and emergency contact information. While banking data remained unaffected, the breach exposed sensitive information belonging not only to employees but also their dependents, beneficiaries, and emergency contacts. The organization acknowledged the incident's scope encompassed "thousands" of workers across both entities but did not disclose precise victim counts.

Sorenson initiated a coordinated response involving the Federal Bureau of Investigation (FBI) and Internal Revenue Service (IRS) to investigate the attack while implementing undisclosed security enhancements. All impacted individuals received offers for twelve months of complimentary credit monitoring and identity theft protection services. Internal communications from Joe Tate, Vice President of Human Resources, emphasized the potential risks to beneficiaries and dependents while confirming no evidence of financial data exposure. The payroll vendor's identity remained undisclosed throughout the notification process, with Sorenson focusing remediation efforts on employee support and federal law enforcement collaboration rather than public attribution of the attack. The breach timeline reveals a 17-day compromise window before detection, followed by rapid notification within four days of discovery and supplemental guidance ten days later.