The state Department of Administration may have inadvertently disclosed the Social Security numbers of dozens of people involved with women- or minority-owned businesses, officials said today.
A Department of Administration employee was uploading a list of certified women or minority business enterprises to the department's Web site near the end of the working day last Wednesday, said Anthony Green, deputy commissioner and general counsel. The employee inadvertently also put the tax identification numbers of the businesses online, a mistake that was noticed by another employee and corrected Thursday morning.
Some businesses and sole proprietorships use the owner's Social Security number as a tax ID, so the department sent out letters warning people that their Social Security number may have been seen online during the period of about 12 hours, Green said.
Green was not sure exactly how many people could be affected by the mistake, but said the worst-case scenario would be no more than a couple hundred.
"Of the companies that were certified, it was just a portion of them," Green said.
The Department of Administration has since changed the way it uploads information to its Web site. Employees are now required to get approval before putting information online.
The state had a much larger security problem earlier this year, when an audit of a state government Web site database found that personal information including Social Security numbers for 71,000 health care workers was accessed by someone hacking into the system.
That information was accessed Jan. 3, at the same time the hacker accessed credit card information of about 5,600 people and businesses from the state government's Web site.