A data glitch at the Massachusetts Department of Revenue accidentally exposed the private data of around 16,500 business taxpayers.
According to a report in the Boston Globe, citing the Massachusetts Department of Revenue, the breach happened on Aug. 7, 2017, and left business taxpayers exposed through Jan. 23 of this year. Companies and even competitors were able to view the information on the business taxpayer during that time frame, noted the report. The Boston Globe noted that the information didn’t include social security numbers or wage information. The Massachusetts Department of Revenue said there were less than 150 cases in which a company could look at the data of another business. Officials noted that 128 filed were viewed by 145 unique business clients but may have included companies looking at their own tax information.
The data breach was due to a technical change geared toward enabling tax agents to help businesses with questions about tax withholdings. The report noted thirty-eight payroll companies had access to the portal and could have seen the data of their clients and others. Companies wouldn’t be able to see the information on businesses that used a different payroll company, noted the report.
The Boston Globe said it was made aware of the data breach after Gusto, a payroll company, forwarded an email alerting it to the breach. The email stated that changes to the tax portal: “erroneously permitted business taxpayers to view files containing company names, federal employer identification numbers (FEINs), and tax payment amounts for companies like yours. As a result, people outside your company could see your company data.”
Nathalie Dailida, a spokeswoman for Department of Revenue in Massachusetts told the Boston Globe that it has taken steps to fix the technical issue and will take all the precautions necessary to ensure reporting data is secure.