BOSTON (AP) — Massachusetts needs to do more to prevent cyber threats and protect the personal data of those receiving welfare benefits.

That’s the conclusion of an audit released Monday by state Auditor Suzanne Bump.

Bump said the audit showed the Massachusetts Department of Transitional Assistance was not adequately protecting data from inappropriate access.

Bump said auditors found the agency did not immediately revoke the access of terminated employees to a database used to determine client eligibility for assistance. She said some employees continued to have access to the system for more than three weeks after they were let go.


The audit also found the agency hadn’t fully studied vulnerabilities facing third-party vendors that have access to personally identifiable information like Social Security numbers.

Bump said the failure to assess such risks increases the likelihood that sensitive data could be disclosed.

In a response from the department included in the audit, the agency said it agrees that automatic notification should occur when employees are terminated, but said it would help if the state’s human resource system was updated to make that process easier.

An agency spokeswoman also said the department treats the security of its clients’ personal identifying information with great caution and care and will further strengthen its security.