Data breach was twice as large as Department of Revenue said
A data breach at the Massachusetts Department of Revenue was much larger than the tax-collecting agency originally reported, inadvertently making private information from about 39,000 business taxpayers viewable to other companies — potentially even competitors.
That’s more than twice the number of filers the Baker administration originally said last week could have been affected by the breach.
The snafu, which lasted from early August 2017 through Jan. 23, 2018, allowed some companies to view other business’s names, tax identification numbers, amount and date of tax payments, number of employees, and banking information about their payroll processor, Department of Revenue spokeswoman Nathalie Dailida said Wednesday.
The Baker administration said last week that, as a result of the breach, no individual employee data, such as Social Security numbers, were viewable to those who shouldn’t have seen it. Now, in addition to expanding the pool of those affected, the administration acknowledged one person’s Social Security number was visible to those who should not have had access to it.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise