An unprecedented security compromise of a government database occurred in August, according to reports from South Carolina. A server at the state’s department of revenue was hacked by a foreign criminal and millions of Social Security numbers and debit numbers—belonging to 77 percent of South Carolina residents—were stolen.
“This is not a good day for South Carolina,” said South Carolina Governor Nikki Haley in an Oct. 25 press conference. “South Carolina has come under attack by an international hacker.”
The compromised data included about 3.6 million Social Security numbers and 387,000 taxpayer debit and credit card numbers. State officials said all but 16,000 of the card numbers were encrypted. After another state department began a probe of the DOR system to search for vulnerabilities in August, the compromise was discovered in mid-September. State officials were informed Oct. 10, and the vulnerability the hacker exploited was secured Oct. 20.
“On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” said DOR Director James Etter. “We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office.”
Haley called the attack “creative in nature,” and declined to name the location of origin to avoid hurting law enforcement’s investigation of the attack. She made no qualms about her plan to prosecute the hacker to the fullest extent.
“I want this person slammed against the wall. I want that man brutalized,” Haley said. “We want to make sure everybody understands that our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem.”
Taxpayers affected by the breach will be eligible for state-paid credit monitoring and identity theft protection service from Experian for one year. The DOR urges any person who has filed a South Carolina tax return since 1998 to determine if his or her information has been compromised by visiting protectmyid.com/scdor or by calling 1-866-578-5422.
“We are going to have a very strong approach to make sure that every South Carolina taxpayer is protected,” said Haley. “No taxpayer should be a victim to this. We will take care of them.”
Although the data compromise did not directly impact any state funds, the costs to the state will be substantial.
“Whatever it takes to do this, we are going to do,” Haley commented on costs of protecting taxpayers. “This is not going to be inexpensive.”
If among the 77 percent of compromised residents, South Carolinians are advised to have their banks reissue cards with new numbers, as well as closely monitor any accounts used in transactions with the DOR. If unauthorized activity is spotted, card holders should immediately contact their banks. Affected residents are also advised to monitor their credit reports and place fraud alerts on their identities with the three credit bureaus.