Published Oct. 30, 2012
The state Department of Revenue said it doesn’t know if business accounts were compromised by a hacker who broke into the agency’s computer files of tax returns.
“At this point, we’re not sure if corporate information was compromised during the cyberattack on DOR,” said Samantha Cheek, agency spokeswoman, in an email. “As the investigation is still ongoing, we cannot determine at this time exactly who was affected.”
On Friday, the agency announced that 3.6 million Social Security numbers and 387,000 credit and debit card numbers on file have been exposed in a cyberattack launched from outside the United States.
The DOR said that the vast majority of credit cards are protected by strong encryption, but about 16,000 of the card numbers are not encrypted.
DOR Director James Etters said today that the unencrypted credit card numbers were also expired.
The S.C. Chamber of Commerce, which represents the state’s business community, said it was keeping its members in the loop.
“We are helping to inform our members and their employees on the steps to take to protect their information,” said Julie Scott, chamber spokeswoman.
Earlier today, Gov. Nikki Haley reported that 287,000 people have signed up for a free year’s worth of credit protection that the state is offering through Experian, a global credit reporting firm.
The state and Experian agreed to cap costs for the service, which is supposed to uncover any theft of data, at $12 million, Haley added.
People may call 866-578-5422 to find out if their information may have been hacked and set up a free credit monitoring account, state officials said. The call center is open 9 a.m. to 9 p.m. Monday through Friday, and 11 a.m. to 8 p.m. Saturday and Sunday.
People may also visit protectmyid.com/scdor. The site requires the activation code “scdor123” to launch the account. Once the account is opened, the website will ask for some personal information.
Taxpayers have until Jan. 31 to sign up for the service, which is retroactive.
Haley added that the service includes a $1 million identity theft insurance policy to help cover certain costs, including lost wages, private investigator fees and unauthorized electronic fund transfers.
On Oct. 16, investigators learned that two attempts to probe the system were made in early September, and that a previous attempt was made in late August.
In mid-September, two other intrusions occurred, and to the best of the department’s knowledge, the hacker obtained data for the first time.
“No other intrusions have been uncovered at this time. On Oct. 20, the vulnerability in the system was closed and, to the best of the department’s knowledge, secured,” the agency said.