Governor Charlie Baker said he is “extremely disappointed” with
that made private information from about 39,000 business taxpayers visible to other companies, potentially including competitors.
He said the intent of what the tax-collecting agency was originally pursuing with the change that lead to the breach — allowing its tax agents to better help businesses with questions about withholding — was positive.
“I think the execution and the implementation of it was not,” he told the Globe. “And I’ve been extremely disappointed by what’s happened since then.”
The blunder, which the Department of Revenue has said lasted from early August through Jan. 23, allowed some companies to view other business’s names, tax identification numbers, amount and date of tax payments, number of employees, and banking information about their payroll processor.
This month, the agency has changed its story about the data issue multiple times.
It expanded the number of businesses it said were affected by the breach, and said a Social Security number may have been exposed, after originally stating no such data had been visible to anyone who should not have had access to it.
And, under questioning by the Globe last week, it acknowledged that it had been alerted to the data snafu months before it fixed the problem — after originally saying, “Once DOR was made aware of the issue, DOR reversed this change in less than 24 hours.”
Aside from the single Social Security number that may have been viewed by those who shouldn’t have seen it, the agency has said no employee data was revealed in the data hiccup.
“I take some relief in the fact that personal information was not breached by this, that they did a pretty solid forensic analysis, once they got around to understanding what the problem was,” Baker said during a weekend interview during the winter meeting of the National Governors Association. “But no, I wasn’t happy with the whole thing played out.”
Joshua Miller can be reached at firstname.lastname@example.org.