South Carolina reveals massive data breach of Social Security Numbers, credit cards
The state governor said she wants the hacker "slammed to the wall"
IDG News Service - Approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to South Carolina taxpayers were exposed after a server at the state's Department of Revenue was breached by an international hacker, state officials said Friday.
All but 16,000 of the credit and debit card numbers were encrypted, the officials said.
The state's Department of Revenue became aware of the breach Oct. 10 and an investigation revealed the hacker had stolen the data in mid-September, after probing the system for vulnerabilities in late August and early September.
The vulnerability exploited by the attacker was closed Oct. 20.
During a press conference Friday, South Carolina Governor Nikki Haley described the attack as international and "creative in nature."
Asked if she knew where the attack originated from, she said she does but declined to name the location because it might hurt the law enforcement investigation. She did, however, say she wants the hacker "slammed to the wall."
"We want to make sure everybody understands that our State will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," Haley said.
The state will provide affected taxpayers with a year of credit monitoring and identity theft protection service from Experian.
"Anyone who has filed a South Carolina tax return since 1998 is urged to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected," the Department said.
"While details are still emerging, we can already say that this breach of records at the South Carolina Department of Revenue (SCDOR) is exceptional, both in terms of the large number of records compromised and the potential damage to confidence in state government that may result," Stephen Cobb, a security evangelist at security firm ESET, said via email Friday.
"The cost is also going to be enormous, given that South Carolina may be required to pay for identity theft protection services for anyone who has paid taxes in South Carolina since 1998," he said.
"Encryption of the data may slow down the process by which the stolen records are converted into cash through identity theft and fraudulent accounts, although that will also depend on the strength of the encryption," Cobb said.
Cobb pointed out that this breach came only a couple of months before people can start filing their income tax returns.
"Fraudulent electronic claims for refunds are a huge problem for the Internal Revenue Service (IRS) as criminals can easily make fake versions of the income tax withholding form known as W-2, showing that the employer withheld more tax than was owed," Cobb said. "Employers often dont inform the IRS of taxes withheld until several months into the New Year."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!