South Carolina officials are trying to contain the damage associated with a massive data security breach at its state Department of Revenue that officials say was attacked by an international hacker.
The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens.
Nikki Haley, South Carolina Governor
Approximately 3.6 million Social Security numbers and hundreds of thousands of credit and debit card numbers were exposed following the attack, which was detected Oct. 16. South Carolina officials said that forensics investigators determined that the data had been stolen in mid-September. Nearly all the credit card data was encrypted, according to the state.
Computer forensics investigators uncovered two attempts to probe the system in early September as well as a previous attempt made in late August, according to a press release (.pdf) issued by the state's Department of Revenue on Friday. A vulnerability in the system was patched on Oct. 20, according to the statement.
“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” South Carolina Governor Governor Nikki Haley said in a statement. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.”
The state is urging anyone who has filed a South Carolina tax return since 1998 to visit protectmyid.com/scdor or call 1- 866-578-5422 to determine if their information is affected.
The breach disclosure comes shortly after a report that cites insufficient funding and lack of top IT talent maintaining state and local government computer systems. Eighty-six percent of CISOs said insufficient funding was the biggest barrier to addressing cybersecurity issues at the state level, according to the 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study (.pdf). The Deloitte-NASCIO survey showed that 24% of CISOs believe their staff has large gaps in competency, up from 17% in 2010.