Connect with us

Hi, what are you looking for?


Data Protection

Auditor: Massachusetts Department of Revenue Needs to Better Protect Data

The Massachusetts Department of Revenue needs to do more to protect the security of taxpayer and business data, the state auditor said Monday.

The Massachusetts Department of Revenue needs to do more to protect the security of taxpayer and business data, the state auditor said Monday.

Auditor Suzanne Bump said an audit found the department was not prepared to respond to or mitigate cyberattacks that it or its vendors face. Bump cautioned that inadequate controls could make sensitive taxpayer data, including Social Security numbers and tax payment history, vulnerable to cyberattacks and inappropriate disclosure.

The audit examined the department’s operations from July 1, 2016 through Dec. 31, 2018, and it did not have procedures in place to guide its response to information technology security incidents, Bump said.

In its response to the audit, the revenue department said it’s working to address the issues. It plans to establish a committee to review its information technology governance and resources, and said it’s revising its incident response policy. The department also said it’s also going to convene a group to look at vendor risks.

The department faced a series of incidents during the audit period, including a data breach that exposed private information from about 39,000 business taxpayers, Bump said. She said the department has incredibly sensitive data about every taxpayer and business in Massachusetts and it has a responsibility to do everything it can do to keep it safe.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.