Foulup shows Social Security data to other state taxpayers

Milton Kornfeld didn't even return the phone call when a state Department of Revenue employee left a message at his Brookline Village home late last month mentioning some kind of problem with a tax form mailed to him. "I'm not an alarmist," the 64-year-old educational consultant explained.

But when a neighbor on Gorham Avenue called Kornfeld a few days later to say he had received a tax form containing the Social Security numbers of Kornfeld and his wife, Kornfeld was less blasé.

Yesterday, the Revenue Department said 45 taxpayers in Brookline's 02445 zip code recently received tax forms with their neighbors' names and Social Security numbers because of a blunder by a vendor that prints and mails the coupons.

Alan L. LeBovidge, commissioner of revenue, sent a letter to residents this week apologizing for the gaffe and assuring them that "maintaining the confidentiality of your personal information is our highest priority."

Department officials said they are considering terminating the contract with Allison Payment Systems of Indianapolis, which receives $235,000 a year to print and mail Estimated Income Tax coupons to more than 411,000 taxpayers statewide. Company officials did not return phone calls seeking comment.

Kornfeld, for his part, said he was grateful that he knew the neighbor who received his Social Security number. In the wrong hands, the nine-digit number is a passport to fraud and can be used to obtain credit cards and gain access to financial information.

"It's potentially a disaster if thousands of these had gone out," Kornfeld said.

The mixup, while limited, was the latest in a series of privacy breaches that have embarrassed corporations, universities, and government agencies. Among companies that inadvertently lost control of customer data in recent years are TJX Cos., which owns T.J. Maxx and Marshall's, and The Boston Globe and the Telegram & Gazette of Worcester.

In Brookline Village, some residents were particularly upset that the problem occurred under the watch of a government agency.

"It's outrageous when it's TJX," said the neighbor of Kornfeld who received his Social Security number and insisted on anonymity. "It's even more outrageous when it's the Department of Revenue."

The problem involved coupons Allison Payment Systems sends annually to taxpayers who must make quarterly estimated payments on taxes due on income not subject to withholding. Typically, such taxpayers are self-employed or receive income irregularly.

The mailing consists of several sheets of paper, including one sheet with the first coupon and a subsequent sheet with three more coupons, said Joseph J. McDermott, the department's taxpayer advocate.

For reasons that department officials are trying to determine at the Indianapolis facility, the machine that produces the mailing printed the correct information on the outside and on the second page, McDermott said. But on the third page, the machine printed the name and Social Security number of the next recipient scheduled to receive a mailing.

State officials learned of the "machine hiccup" on the evening of Feb. 23, McDermott said. The next day, he began calling residents who received mailings by mistake and asked that they return them to the department. Days later, many residents had still not opened them.

McDermott said department officials have no evidence that anyone used another person's Social Security number fraudulently. "Most of the people, when they became aware of it, knew who the person was, a neighbor," he said.

Jennifer Parent, a spokeswoman for the department, said officials are certain the problem involved no more than 45 taxpayers. This week the department sent two internal auditors to Allison Payment Systems to inspect its operation and determine whether the state should stop doing business with the company, Parent said. The company has worked for the state for about six years and never experienced similar problems, she said.

Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego, said automated mail-stuffing machines have caused problems for government agencies in other states.

"The fact that they caught it and that it involved only 45 individuals is a fairly good indication that they have effective quality control practices" in Massachusetts, she said.

Kornfeld was glad to receive the letter of apology from LeBovidge but wished the state offered to monitor his credit rating to make sure no one uses his Social Security number fraudulently.

"If they can't protect me at the front end, they should at least do something to help me if something goes wrong," he said.

Jonathan Saltzman can be reached at jsaltzman@globe.com