The state of South Carolina is now alerting millions of people that their personal and financial information may have been compromised in a massive cyber attack.
The South Carolina Department of Revenue was hit with a hacking attack that exposed about 3.6 million Social Security numbers of those who filed their taxes with the state from 1998 to today, according to a report from the agency. In addition, another 387,000 debit and credit card numbers may have been exposed as well, including 16,000 which were unencrypted. The rest were believed to have been protected with the most stringent encryption standards currently available.
“On October 10, the [South Carolina] Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” said Department of Revenue director James Etter. “We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office.”
By October 16, the state uncovered more attacks which had taken place in August and September, the report said. However, only two attacks in the middle of the latter month resulted in the theft of data. As of October 20, the problem with the system’s security was fixed.
The state is offering a year of free identity protection to anyone who filed taxes in the 14-year period, but is still urging potential victims to keep an eye on their credit reports, and place fraud alerts on those documents with the three major credit bureaus, the report said. In some cases, it may even be a good idea to put freezes on financial and credit data with those reporting agencies. Further, if consumers believe their credit or debit card data has been compromised, contacting the financial institutions that issued the card can clear the problem up quickly.
Data breaches as a result of hacking have become quite common in the last few years, and therefore, greater vigilance on the part of both the organizations protecting sensitive data, and consumers themselves may be necessary to ensure that the damage caused when these attacks take place remains as limited as possible.
Image: Joe Shlabotnik, via Flickr