The department sent the emails to about 72,000 taxpayers.
"According to our vendor, a system process that sends out prepayment reminder emails unfortunately failed, and prior system testing of this process did not identify the issue we ended up experiencing overnight," CDTFA spokesman Paul Cambra told Techwire in an email. "These routine emails included the taxpayer’s limited access code and account number that enables a taxpayer to log on to the CDTFA system and view the business name and submit a prepayment or return, but does not allow further accessing of taxpayer account information."
The tax system was launched in May.
"Unfortunately, due to the system error, there were eight taxpayers whose limited access code and account number was misdirected to an unrelated taxpayer," Cambra wrote.
The access codes, which were deactivated, accessed only one part of the system.
"CDTFA is working with the eight taxpayers whose limited access codes and account number were erroneously sent out and other taxpayers affected by this system error. We developed the limited access code so that a taxpayer could work within the system in a secure environment," Cambra wrote. "It provides a capability that allows taxpayers an easier way to push information to us, like filing a return or making a payment, without giving full access to the taxpayer’s account. In other words, the limited access code function provides the capability to make a payment or file a tax return without logging into the system, adding an extra layer of security."
About 32 people began their payments in the wrong place and were redirected.
"More than 1,600 people received the same email 10 times and approximately 43 people may have received the email more than 10 times," Cambra wrote. "We are confident that we have identified the full scope of the problem as we know it now and are sorry for any confusion. A communication to these taxpayers is being sent out advising them of the error. We are grateful for the patience and understanding of all of our customers."
