IT | Security

3.6 Million Affected by South Carolina Breach

By: Absolute Team | 10/31/2012

On October 10th, the Secret Service notified South Carolina officials that an international hacker had accessed approximately 3.6 million state tax returns (including Social Security numbers) as well as 387,000 credit and debit card numbers (some of which were unencrypted).

Many details of the attack are unknown. It appears that the system was first breached in late August, though data was not taken until 2 repeated intrusions later in the month. Affected individuals were not notified until October 26th, 6 days after the SC Department of Revenue patched the security holes that allowed the attack to happen.

As you can see from the full chronology of events here, the SC Department of Revenue was able to begin monitoring for unauthorized intrusions in one day with additional monitoring added within 48 hours (and computer-specific monitoring within 10 days), so it's unfortunate that it took a breach to get this monitoring in place.

The state will provide taxpayers with a year of credit monitoring and identity theft protection, something which is going to be costly (to the state and thus to taxpayers) for the exceptional number of people affected by this breach. As with many states, South Carolina operates separate systems for each agency, board, university and commission; many argue that this complicates security measures.