State mailing glitch leaves data visible

January 15, 2008

By Judith Davidoff and David Callender

Another mailing glitch by the state has resulted in more residents' Social Security numbers being inadvertently disclosed, officials announced today.

A mailing by the state Department of Revenue showed the Social Security numbers of about 5,000 residents from northeastern Wisconsin, state Administration Secretary Mike Morgan said during a news conference this morning in Madison. The number was visible through the envelope window.

Morgan said the Department of Revenue 1099-G forms, which report taxpayers' state tax refund for federal income taxes, were printed, folded and mailed by the Department of Administration. He said a malfunctioning machine was responsible for improperly folding some of the documents and exposing the Social Security numbers.

Morgan also said the employees responsible for checking the addresses before the forms are mailed did not catch the mistake.

He said the state learned of the error on Jan. 9 and that it was "immediately corrected by the end of business last Friday, Jan. 11."

Morgan offered a "full apology for this error" to taxpayers and said the state would offer free credit monitoring services to residents affected by this mistake. He said residents are being notified about the error and credit monitoring services in a letter mailed on Monday.

Department of Administration officials said the mistake affects residents in Lena, Marinette, Little Suamico, Freedom, Kaukauna, Lakewood, Keshena, Krakow, Little Chute, and Kimberly.

Today's revelation is the latest in a string of accidental releases of Social Security numbers by state agencies.

Earlier this month, the Department of Health and Family Services revealed that a mailing to more than 260,000 Medicaid clients mistakenly included their Social Security numbers on the mailing label.

The department blamed an employee at the firm that does the state's Medicaid billing for the error, and the firm, EDS, has agreed to provide free credit monitoring for a year for all of the affected clients. The state is still considering legal action against EDS Corp. of Plano, Texas.

In December 2006, the state Department of Revenue also sent out a mailing to more than 170,000 residents that included taxpayers' Social Security numbers on the address label. Morgan was the Secretary of the Department of Revenue at the time.

Today, he acknowledged that three security breaches have now occurred under his watch.

"It's three times too many," he said. "I intend to work very diligently to make sure it doesn't happen again."

Gov. Jim Doyle also announced that he has asked Metavante, a Milwaukee-based firm that provides financial and payment technology to companies worldwide, to conduct a comprehensive review of the state's security practices. Morgan called the company a "good corporate citizen" and said it was providing its services free of charge.

He said the free services would not lead to improper favor for the company with future state contracts.

"We have procurement rules," he said. "We'll follow them."

Morgan said three residents called the state about the Department of Administration Social Security snafu, though none reported incidents of identity theft. EDS officials also said last week that they had not received any reports of identity theft stemming from its mailings.

main page ATTRITION feedback