On July 2nd, the Department was alerted to a security vulnerability for taxpayers who filed Property Transfer Tax returns through the Department’s online filing site between February 2017 and July 2020. While the Department believes the risk of unauthorized access of any individual’s data is low, it is issuing a public notification to encourage taxpayers who could have been affected to remain vigilant and take steps to help prevent identity theft.
Immediately after learning of the issue, the Department disabled and then patched the part of the software that had the vulnerability. While the Department cannot determine with certainty whether or not any individual’s data was accessed, it has had no reports of unauthorized access of property transfer tax returns. There are a few factors which lead the Department to believe that the risk of unauthorized access of any individual’s data is low.
- To gain access to personal information, a user would have needed specialized knowledge to understand the functionality of verification credentials on the tax return.
- To gain access to personal information, a user would have needed access to the municipal records. In most Vermont towns, these records are only available with an in-person visit.
- There was no ability to obtain personal information from many tax returns at once. A user who had verification credentials from a tax return could only access information from that specific tax return.
The public notice the Department issued provides additional information, including tips for guarding against identity theft. The Department encourages taxpayers who filed a property transfer tax return electronically from February 2017 to July 2020 to review the notice and reach out to the Department if they have questions. The notice is available on the Department’s website at the following URL: https://tax.vermont.gov/content/ptt-data-security-notice.