Michigan Lottery put winners’ data at risk, audit finds
The Michigan Lottery may have put winners’ personal information at risk, MLive reports.
According to a report from the state’s Office of the Auditor General, the Michigan Bureau of State Lottery did not encrypt the personal information for 8,435 individual lottery winners between 2012 and 2013 before sending it to the Department of Treasury. Treasury collects information on winners for tax purposes.
“As a result, the Bureau did not minimize the likelihood that confidential taxpayer data could have been inadvertently disclosed or accessed,” according to the report.
The report notes that the state’s Department of Technology, Management and Budget requires the encryption of personally identifying information, like social security numbers.
The Bureau of State Lottery said it was unaware that Treasury could accept encrypted data because, the bureau said, Treasury did not provide a mechanism for encryption. The bureau is now updating its data protocol to encrypt lottery winners’ personal data.
The report also found two other reportable conditions: The bureau had not analyzed the impact of lowering the thresholds for withholding state income taxes, and it also had not investigated lottery retail owners who repurchased winning lottery tickets, most likely at a discount.