A data breach at the Massachusetts Department of Revenue was much larger than the tax-collecting agency originally reported, inadvertently making private information from about 39,000 business taxpayers viewable to other companies — potentially even competitors.
That’s more than twice the number of filers the Baker administration originally said last week could have been affected by the breach.
The snafu, which lasted from early August 2017 through Jan. 23, 2018, allowed some companies to view other business’s names, tax identification numbers, amount and date of tax payments, number of employees, and banking information about their payroll processor, Department of Revenue spokeswoman Nathalie Dailida said Wednesday.
The Baker administration said last week that, as a result of the breach, no individual employee data, such as Social Security numbers, were viewable to those who shouldn’t have seen it. Now, in addition to expanding the pool of those affected, the administration acknowledged one person’s Social Security number was visible to those who should not have had access to it.