South Carolina reveals massive data breach of Social Security Numbers, credit cards

The state governor said she wants the hacker "slammed to the wall"

Approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to South Carolina taxpayers were exposed after a server at the state's Department of Revenue was breached by an international hacker, state officials said Friday.

All but 16,000 of the credit and debit card numbers were encrypted, the officials said.

The state's Department of Revenue became aware of the breach Oct. 10 and an investigation revealed the hacker had stolen the data in mid-September, after probing the system for vulnerabilities in late August and early September.

The vulnerability exploited by the attacker was closed Oct. 20.

During a press conference Friday, South Carolina Governor Nikki Haley described the attack as international and "creative in nature."

Asked if she knew where the attack originated from, she said she does but declined to name the location because it might hurt the law enforcement investigation. She did, however, say she wants the hacker "slammed to the wall."

"We want to make sure everybody understands that our State will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," Haley said.

The state will provide affected taxpayers with a year of credit monitoring and identity theft protection service from Experian.

"Anyone who has filed a South Carolina tax return since 1998 is urged to visit or call 1- 866-578-5422 to determine if their information is affected," the Department said.

"While details are still emerging, we can already say that this breach of records at the South Carolina Department of Revenue (SCDOR) is exceptional, both in terms of the large number of records compromised and the potential damage to confidence in state government that may result," Stephen Cobb, a security evangelist at security firm ESET, said via email Friday.

"The cost is also going to be enormous, given that South Carolina may be required to pay for identity theft protection services for anyone who has paid taxes in South Carolina since 1998," he said.

"Encryption of the data may slow down the process by which the stolen records are converted into cash through identity theft and fraudulent accounts, although that will also depend on the strength of the encryption," Cobb said.

Cobb pointed out that this breach came only a couple of months before people can start filing their income tax returns.

"Fraudulent electronic claims for refunds are a huge problem for the Internal Revenue Service (IRS) as criminals can easily make fake versions of the income tax withholding form known as W-2, showing that the employer withheld more tax than was owed," Cobb said. "Employers often dont inform the IRS of taxes withheld until several months into the New Year."

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachIdentity fraud / theft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place