News

South Carolina breach affects millions

SearchSecurity.com Staff

South Carolina officials are trying to contain the damage associated with a massive data security breach at its state Department of Revenue that officials say was attacked by an international hacker.

    Requires Free Membership to View

The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens.

Nikki Haley, South Carolina Governor

Approximately 3.6 million Social Security numbers and hundreds of thousands of credit and debit card numbers were exposed following the attack, which was detected Oct. 16. South Carolina officials said that forensics investigators determined that the data had been stolen in mid-September. Nearly all the credit card data was encrypted, according to the state.

Computer forensics investigators uncovered two attempts to probe the system in early September as well as a previous attempt made in late August, according to a press release (.pdf) issued by the state's Department of Revenue on Friday. A vulnerability in the system was patched on Oct. 20, according to the statement.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” South Carolina Governor Governor Nikki Haley said in a statement. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.”

The state is urging anyone who has filed a South Carolina tax return since 1998 to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected.

The breach disclosure comes shortly after a report that cites insufficient funding and lack of top IT talent maintaining state and local government computer systems. Eighty-six percent of CISOs said insufficient funding was the biggest barrier to addressing cybersecurity issues at the state level, according to the 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study (.pdf). The Deloitte-NASCIO survey showed that 24% of CISOs believe their staff has large gaps in competency, up from 17% in 2010.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: