Cyber Attack on S.C. Department of Revenue Exposes 3.6 Million
By Sarita Chourey
Morris News Service
October 29, 2012 — COLUMBIA -- The South Carolina Department of Revenue announced Friday that a cyber attack has exposed 3.6 million Social Security numbers and 387,000 credit and debit card numbers.
Of the credit cards, 16,000 are unencrypted, while the vast majority are protected.
The state is providing one year of credit monitoring and identity theft protection to anyone who has been affected by the attack.
"On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers," said state Department of Revenue director James Etter in a news release Friday.
"We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor's office."
The agency contracted with Mandiant, "one of the world's top information security companies," said the agency, for help with the investigation, efforts to secure the system, and install tighter security.
On October 16, investigators discovered two attempts to hack the system in early September, and later learned that an earlier attempt was made in late August, according to the revenue department.
The agency said Friday that two other breaches occurred in mid-September, "and to the best of the department's knowledge, the hacker obtained data for the first time."
"On October 20, the vulnerability in the system was closed and, to the best of the department's knowledge, secured," according to the agency statement.
Gov. Nikki Haley said in a news release following a press conference that officials are taking immediate steps to protect the taxpayers of South Carolina.
It's not the first time South Carolinians' personal information has been stolen from a state agency.
In April, the S.C. Department of Health and Human Services discovered that an employee working within the Medicaid program had moved the personal information of 228,435 Medicaid beneficiaries into his personal email account.
[BOX] Are you affected?
If you filed a South Carolina tax return since 1998, you are urged to visit protectmyid.com/scdor or call 1- 866-578-5422. If your information has been compromised, you can enroll in one year of identity protection service provided by Experian.
Experian's ProtectMyIDT Alert is designed to detect, protect and resolve potential identity theft, and includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year. Consumers will have access to fraud resolution agents and services beyond the first year.
In addition to the Experian service, individuals are urged to consider additional steps:
-Regularly review credit reports
-Place fraud alerts with the three credit bureaus
-Place a security freeze on financial and credit information with the three credit bureaus.
Other tips from the S.C. Department of Revenue:
If credit card information is compromised, the best protection is to have the bank reissue the card.
If you've used a credit card in a transaction with the S.C. Department of Revenue, you should check bank accounts regularly for unauthorized charges. If any are detected, the cardholder should contact the credit card issuer immediately by calling the toll-free number located on the back of the card or on a monthly statement.
Consumers should also change any credit card web account passwords immediately, if there have been unauthorized charges.
This story submitted from Chourey, Sarita using email address email@example.com