South Carolina reveals massive data breach of Social Security Numbers, credit cards
The state governor said she wants the hacker "slammed to the wall"
IDG News Service - Approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to South Carolina taxpayers were exposed after a server at the state's Department of Revenue was breached by an international hacker, state officials said Friday.
All but 16,000 of the credit and debit card numbers were encrypted, the officials said.
The state's Department of Revenue became aware of the breach Oct. 10 and an investigation revealed the hacker had stolen the data in mid-September, after probing the system for vulnerabilities in late August and early September.
The vulnerability exploited by the attacker was closed Oct. 20.
During a press conference Friday, South Carolina Governor Nikki Haley described the attack as international and "creative in nature."
Asked if she knew where the attack originated from, she said she does but declined to name the location because it might hurt the law enforcement investigation. She did, however, say she wants the hacker "slammed to the wall."
"We want to make sure everybody understands that our State will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," Haley said.
The state will provide affected taxpayers with a year of credit monitoring and identity theft protection service from Experian.
"Anyone who has filed a South Carolina tax return since 1998 is urged to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected," the Department said.
"While details are still emerging, we can already say that this breach of records at the South Carolina Department of Revenue (SCDOR) is exceptional, both in terms of the large number of records compromised and the potential damage to confidence in state government that may result," Stephen Cobb, a security evangelist at security firm ESET, said via email Friday.
"The cost is also going to be enormous, given that South Carolina may be required to pay for identity theft protection services for anyone who has paid taxes in South Carolina since 1998," he said.
"Encryption of the data may slow down the process by which the stolen records are converted into cash through identity theft and fraudulent accounts, although that will also depend on the strength of the encryption," Cobb said.
Cobb pointed out that this breach came only a couple of months before people can start filing their income tax returns.
"Fraudulent electronic claims for refunds are a huge problem for the Internal Revenue Service (IRS) as criminals can easily make fake versions of the income tax withholding form known as W-2, showing that the employer withheld more tax than was owed," Cobb said. "Employers often dont inform the IRS of taxes withheld until several months into the New Year."
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Cybercrime and Hacking White Papers | Webcasts