Presented by the Privacy and Data Security Litigation Practice Group

Vermont Continues Its Response to Department of Labor Data Breach

By
David J. Shannon

Last week, Vermont’s Department of Labor mailed out tens of thousands of tax forms to Vermont residents. The forms were being sent to unemployment insurance recipients. However, as a result of numerous issues with their computer system, thousands of residents received incorrect 1099 forms. These individuals will now receive corrected copies as well as data breach notification letters. 

Vermont’s labor department is still trying to determine exactly what happened and how many people were affected. At this time, approximately 25,000 to 45,000 people are likely to have received the wrong forms. At a recent state legislator meeting, state senators indicated that the antiquated computer system was partly to blame for the data breach. The labor department’s outdated systems include an older mainframe and software used to combine data from multiple programs. 

The use of older computer systems that have not been properly updated, patched or replaced is an ongoing cyber security risk for municipalities, smaller businesses and healthcare providers. In this instance, cells on a spreadsheet appear to have been moved or incorrectly used, and unemployment insurance claimants received letters with their first name and address, but someone else’s last name. The recipients also were provided an incorrect social security number.  The mailing of individual social security numbers to other individuals is especially troubling considering that this personal information could be used for identity theft. 

The incident once again demonstrates that, despite all the talk about ransomware, data breaches still can occur as a result of human error,  antiquated computer systems and other reasons. To reduce risk, businesses and governmental agencies should continually look to improve and update their systems and to ensure that they have proper cyber insurance. 

 

The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please send a note tamontemuro@mdwcg.com. ATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2021 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.