The news broke on Friday and it was a whopper. It’s believed 3.6 million social security numbers and close to 400,000 credit card accounts were exposed when a number of cyber attacks were carried out on the South Carolina Department of Revenue. Now, many are saying they hope this massive breach will be enough of an incentive to force banks, governments and credit card companies to build even more encryption into their websites.
If you’ve ever filed taxes in South Carolina from 1998 to current day, odds are, your information was hacked.
The breach was discovered in early September; however, officials – for whatever reason – opted to sit on that information for more than a month. Now, the state says none of the information was encrypted – and folks are demanding answers. In an interview with Security Watch, a data protection expert and current vice president of Voltage Security Mark Bower, said,
Cases like this continue to raise awareness of the shortcomings of traditional infrastructure security in keeping sensitive data safe.
There was a very small number of credit cards that weren’t hacked, though experts aren’t sure why. Interestingly, it appears social security numbers were deemed less sensitive than credit card numbers. If someone steals your credit card information, you can easily contact the card company and it won’t hold you liable for any fraudulent charges; on the other hand, if your social security number is stolen, the potential for damage increases exponentially. An identity thief can make life quite difficult and can take years out of the victim’s life to straighten the mess out.
Public Funds OK
Despite sitting on this for more than a month, the state insists “public funds” weren’t stolen – but stolen funds are completely different than “your funds” via stolen information. Officials are providing information for those who might have been compromised. They’re encouraged to call 866-578-5422 or visit protectmyid.com/scdor. There, consumers/taxpayers can find out for sure if their information has been compromised.
Also, when you visit this website you can take advantage of a twelve month credit monitoring service through Experian. You’ll need to use the code SCDOR123 in the box during sign up. It’s not required that you still reside in South Carolina in order to take advantage of the offer. The only requirement is that your information was compromised, regardless of where you call home today.
Also, it’s being encouraged that anyone who has used a credit card in a transaction with the Department of Revenue should check their bank accounts and credit card statements to ensure are no questionable activity. If it is discovered, card holders are being told to contact the credit card issuer immediately. Most, if not all, credit card numbers have a toll-free number located on the back of the card or on a monthly statement. Provide the details of the transaction, and then ask them to send you a new credit card. Finally, consumers are being cautioned to also change all of their online passwords.
It could still take weeks to learn the depth of the damage, according to Governor Nikki Haley (R). She posted on her Facebook wall and in a presser that a “foreign hacker” had stolen “tax record information” in September.
It was a large file. So it will take time to download that file and reanalyze the data in order to see which taxpayers information has been compromised,
said Department of Revenue spokesperson Samantha Cheek.
It could be a few days. It could be up to a week or two weeks. We do hope to be able to analyze the data in order to determine exactly which taxpayer’s information has been compromised, and we will notify those taxpayers accordingly.
This, of course, is frustrating those affected since the state had a month’s head start between the attacks and the announcement.
As we were working with other state and federal law enforcement, we knew it was our responsibility there to let the investigation continue just so that we can meet certain benchmarks as stated by the Secret Service,
said a DOR spokesperson.
We do realize that Friday may not have been the best date, but it was the most important date to let taxpayers know that their information was compromised. Again…state and federal law enforcement needed their certain benchmarks in their investigation before we let the general public know about this incident.
And here’s a new wrinkle: authorities are now saying that you should check your child’s information, too. Their information, if it was ever a part of the state’s database, could have been compromised as well.
Organizations have to protect data, and data shouldn’t be on vulnerable systems. If the data is not protected, it will get breached, a security analyst said. He referred to it as “the future of crime.”
Similar Credit Card News:
- [April 12, 2011] Epsilon Security Breach
- [May 4, 2011] Stolen PSN Card Details Appear on Black Market
- [April 24, 2012] Does The Internet Cause Inefficiency and Security Lapses?
- [July 1, 2011] FBI and Secret Service Fight Against Credit Card Hackers
- [December 10, 2012] Former Anonymous Spokesperson Indicted for Credit Card Fraud
- [July 12, 2011] Visa Launches New Security Sense Website
- [September 14, 2011] Chase Waives Fees For Hurricane Irene Victims