Attacker grabs data for 3.6 million South Carolina taxpayers; governor wants to see culprit "brutalized"

Filed Under: Data loss, Featured, Law & order, Security threats, Vulnerability

Any US citizen who has filed a state tax return in South Carolina since 1998 is now at risk, thanks to a hacker breaking into one of its sites and accessing data that the Department of Revenue failed to encrypt.

That's about 3.6 million Social Security numbers, or 77% of the state's population.

Social security numbers. Image from Shutterstock

Another 387,000 credit and debit card numbers were also exposed in an internet attack that the SC Department of Revenue announced on Friday.

Most of the credit card numbers were encrypted, while some 16,000 were not, government officials said in a press conference in Columbia, SC.

Social Security numbers also lacked protection, they said.

The state discovered the breach on 10th October but waited 16 days to inform the public.

Gov. Nikki Haley and State Law Enforcement Division Chief Mark Keel defended the delay, saying that investigators needed the time to gather evidence and to try to track down the attacker.

Keel said:

"When this breach occurred and it was discovered … it took a while for experts to determine how much data had actually been compromised."

"It was important that we had the time to work through our investigation so that we would have enough evidence to prosecute this person."

Haley called the breach "unprecedented" for her state, according to the Charleston Post & Courier,.

US Secret Service agent Mike Williams said the breach was one of the largest his agency has ever handled.

So far, they haven't implicated the culprit(s) but have said that the attack came from a foreign source.

The governor, for one, has a good idea of the penalty she'd like to see meted out.

WIS-TV quoted her:

"I want this person slammed against the wall. … I want that man just brutalized."

According to news reports, officials have determined that the attacker first probed the system on 27th August.

Six days after the breach was discovered on 10th October, officials uncovered two attempted system probes that the attacker tried in early September.

Later in September, the attacker breached the system twice.

Investigators believe that this is when the hacker first obtained data, including taxpayers' personal information.

Officials haven't yet discovered any other intrusions.

The department closed the vulnerability on 20th October and, as far as the department knows, secured it.

Governor Nikki HaleyHaley said that she knows where the attack originated, saying the source was outside the United States. She declined to reveal the location, saying she couldn't jeopardize the ongoing investigation.

The state is asking that those who've filed a state tax return since 1998 visit protectmyid.com/scdor, a complimentary membership to Experian's credit monitoring service, or call 1-866-578-5422 to determine if their information is affected.

Was it wrong to delay the announcement?

Unfortunately not, in my opinion, just as I feel it was right for Barnes & Noble to delay in informing the public after it first discovered that hackers had recently hijacked PIN pad numbers.

In both South Carolina and Barnes & Noble's attacks, investigators must have time to track down intruders.

Would brutality and smashing attackers against a wall succeed in stopping cyber attacks?

Probably not, but we'll assume the governor was speaking hyperbolically, being a bit riled up.

But while brutality and walls may not productively play into cyber defense, protection such as encryption can and should.

Perhaps the governor should, gently, use that wall to line up the revenue department officials who should have protected taxpayer data in the first place.


Social security cards image from Shutterstock.

, , , , , , , ,

You might like

7 Responses to Attacker grabs data for 3.6 million South Carolina taxpayers; governor wants to see culprit "brutalized"

  1. Ernie · 540 days ago

    Who's to say it was a man? Would she say okay to brutalize a woman? Ah yes politics.

  2. JohnMWhite · 540 days ago

    Why are we getting to a place where politicians feel comfortable suggesting in public that police slam people against walls and brutalize them? That is not remotely edifying or encouraging and the governor should be ashamed, but it appears this wild west mentality is spreading through political rulers who think police forces are their personal army against anybody who annoys them.

    Hacking is a crime (obviously) but so is incitement to violence. Imagine the outcry if the citizenry were to suggest that politicians who betray their trust should be slammed against a wall and beat with clubs. Or is it ok because she's only talking about a dirty foreigner? What an embarrassment of a political leader.

    • Stacie · 539 days ago

      I've seen more than a few folks on this site and others express similar thoughts about hacker punishment and politicians; so to me, she's no more embarrassing than the next individual to post who thinks malicious hackers should be beat or executed :)

  3. Snert · 540 days ago

    Methinks she was speaking metamorphically. But if people who do such crimes were, in fact, brutalized, the next one might think two or three times before trying. If I catch you robbing me, I'm going to do something, probably voilent, to you and we'll both face the consequences.
    And what's so wrong with politicians who betray their trust getting what for? If that was the way things went, there'd be a lot less betrayal and a lot more honesty.

  4. chuckanw · 540 days ago

    What stops the USG from issuing new SSNs to these people??

  5. raymond · 539 days ago

    I think the officials who were in charge of security should be sacked for incompetence and negligence.

  6. Lamby · 538 days ago

    Who said the "hacker" was a man.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.