Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

South Carolina Hit in Massive Cyberattack – 3.6 Million Tax Payers Exposed

South Carolina Data Breach Exposes 3.6 Million Tax Payers

State officials in South Carolina say a devastating cyberattack on the state’s Department of Revenue has resulted in the theft of 3.6 million social security numbers and nearly 400,000 credit and debit card numbers.

South Carolina Data Breach Exposes 3.6 Million Tax Payers

State officials in South Carolina say a devastating cyberattack on the state’s Department of Revenue has resulted in the theft of 3.6 million social security numbers and nearly 400,000 credit and debit card numbers.

According to the Department of Revenue (DOR), the vast majority of the credit card numbers are protected by strong encryption. However, approximately 16,000 are unencrypted.

South Carolina Map“On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” said Department of Revenue Director James Etter, in a statement. “We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office.”

Six days later, investigators uncovered two attempts to probe the system in early September, as well as a previous attempt that was made in late August. In mid-September, two other intrusions occurred that authorities believe were the first times the intruder or intruders obtained data. No other intrusions have been uncovered at this time, and on Oct. 20, the vulnerability in the system was closed, according to the DOR.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” said South Carolina Governor Nikki Haley in a statement. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.”

In a survey by Deloitte & Touche released this week, less than a quarter of state chief information security officers said they were confident in their states’ ability to safeguard data from attacks. Just 32 percent of CISOs felt state employees had the “required cyber-security competency.”

In light of the recent attack, Gov. Haley issued an executive order instructing state IT officers to work with the Office of the State Inspector General to review and bolster security.

“From the first moment we learned of this, our top priority has been to protect the taxpayers and the citizens of South Carolina, and every action we’ve taken has been consistent with that priority,” Etter said. “We have an obligation to protect the personal information entrusted to us, and we are redoubling our efforts to meet that obligation.”

It has been a tough year for the State. In late August, The University of South Carolina (USC) notified some 34,000 people after a system intrusion was detected on a computer used by the College of Education.

Related: State CISOs Have Little Confidence In Ability To Defend Against External Threats

RelatedHackers Targeting South Carolina DMV Underscores Security Realities

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.The vulnerabilities, in...

Application Security

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a...