A hacker from outside the United States has breached security of state Department of Revenue computers, possibly gaining access to Social Security numbers of 3.6 million taxpayers, and another 387,000 credit and debit card numbers, the agency said.
Published Oct. 29, 2012
About 3.6 million Social Security numbers and 387,000 credit and debit card numbers on file at the S.C. Department of Revenue have been exposed in a cyberattack launched from outside the United States.
The state agency said that the vast majority of credit cards are protected by strong encryption, but about 16,000 of the card numbers are not encrypted.
People may call 1-866-578-5422 to find out if their information may have been hacked and set up a free credit monitoring account, state officials said. People may also visit protectmyid.com/scdor. The site requires the activation code “scdor123” to launch the account. Once the account is opened, the website will ask for some personal information.
James Etter, director of the state Revenue Department, said his agency was contacted Oct. 10 by the state Division of Information Technology and informed about “a potential cyberattack involving the personal information of taxpayers.”
“We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office,” he said.
The agency then contracted Mandiant, an information security company, to assist in the investigation, help secure the system, install new equipment and software, and institute tighter controls on access.
On Oct. 16, investigators learned that two attempts to probe the system were made in early September, and that a previous attempt was made in late August.
In mid-September, two other intrusions occurred, and to the best of the department’s knowledge, the hacker obtained data for the first time.
“No other intrusions have been uncovered at this time. On Oct. 20, the vulnerability in the system was closed and, to the best of the department’s knowledge, secured,” the agency said.
At a Monday news conference, Gov. Nikki Haley said about 455,000 people had dialed the help line that was installed and 154,000 had signed up for the credit monitoring service. Over the weekend, constituents complained about the line being clogged with calls.
Haley said the lines on Monday morning were being manned by 300 people and the average hold time was 12 minutes.
Anyone who has filed a South Carolina tax return since 1998 could be a victim.
Affected taxpayers can immediately enroll in one year of identity protection service provided by Experian, state officials said. People will have access to the free credit reporting service if they sign up by Jan. 31.
State officials also urge individuals to consider additional steps to protect their identity and financial information, including:
If credit card information is compromised, the best protection is to have the bank reissue the card, the state said. Anyone who has used a credit card in a transaction with the Department of Revenue should check bank accounts regularly to see if any unauthorized charges have occurred.
Consumers should also change any credit card Web account passwords immediately when unauthorized charges are detected.