Breach, Data Security, Vulnerability Management

Monster breach hits South Carolina taxpayers

The state of South Carolina is engaged in an "unprecedented response" following a massive breach in which hackers stole 3.6 million Social Security numbers and 387,000 credit and debit card numbers, officials said Friday.

The incident affected the state's Department of Revenue, and any person who filed a South Carolina tax return since 1998 is being asked to monitor their credit reports for potential fraud. The state is providing them with one year of free identity theft protection.

By all accounts, the breach is staggering, considering the state has about 4.5 million residents. That means about 80 percent of the state's inhabitants' Social Security numbers potentially are affected.

"The number of records breach requires an unprecedented, large-scale response by the Department of Revenue, the state of South Carolina and all our citizens," Gov. Nikki Haley said in a statement, which includes advice for victims.

On Oct. 16, the agency that is responsible for collecting taxes was informed of a potential attack involving the personal information of state residents, according to a chronology of the breach, first reported by GreenvilleOnline.com and WLTX television of Columbia, S.C.

On the following day, department officials created a response after meeting with Haley. It included hiring forensic firm Mandiant to begin monitoring the agency's network and individual workstations for signs of compromise. In addition, the state began its own internal investigation to determine if any of its employees or contractors may have been responsible.

On Oct. 16, Mandiant confirmed that in early September, unknown hackers "probed" agency systems, and sometime in the middle of the month, they were able to access the data that was stolen. On Oct. 16, the vulnerability that permitted the intrusion was closed.

The statement did not offer any other details about how the hack was perpetrated. Samantha Cheek, a Department of Revenue spokeswoman, told SCMagazine.com that the intrusion was enabled by a "server issue" but that the agency can't release specific details because he could jeopardize the investigation.

She said officials do not believe any insiders helped with the data heist.

To add insult to injury, Cheek confirmed that the toll-free hot line set up for concerned residents who may be affected was overloaded by calls, leading to significant wait times. She advised people to call later.

Richard Bejtlich, Mandiant's chief security officer, told SCMagazine.com that he couldn't provide details into his company's investigation.

"We're thankful for the voluntary public mention of Mandiant by state officials, but our policies and professional guidelines prevent us from saying anything about the case unless authorized by the client," he said.

An estimated 371,000 of the 387,000 compromised credit card numbers were safeguarded by "encryption deemed sufficient" under the Payment Card Industry Data Security Standard, according to officials.

In August, the state's largest university announced that it was hit by overseas hackers who raided its database of the personal information of 34,000 students, staff and researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.