As the probe deepens into the massive hack of the South Carolina Department of Revenue, forensic investigators have concluded that as many as 657,000 businesses may also have been impacted.
The new revelations only exacerbate an already troubling breach, which involved the theft of 3.6 million Social Security numbers and 387,000 credit and debit card numbers from state residents, officials announced last Friday.
Gov. Nikki Haley said during a Wednesday press conference said that beginning Friday, businesses that have filed a tax return since 1998 will be offered free credit monitoring from Dun & Bradstreet.
Haley declined to delve into specifics about how the breach occurred, though according to reports, the intruders were based overseas and used approved credentials to access the agency’s systems in August and September.
“I don’t think we’re allowed to talk about that at all,” Haley said, responding to a reporter’s question of how the attackers were able to reach the critical data if the systems housing it were supposedly disconnected from the internet.
She later said that not every attack is preventable.
“If somebody wants to get in, they’re getting in,” she said.
Revenue Department director James Etter said the agency was considering shortening how long it holds on to records, from 15 years to 10 years, but said this is difficult because of things like pending criminal cases.