3.6 million social security numbers exposed in unprecedented South Carolina cyber attack

Haley presser screencap

"This is not a good day for South Carolina." That was Governor Nikki Haley's public reaction to news that a foreign hacker had infiltrated South Carolina's Department of Revenue and made off with 3.6 million social security numbers and 387,000 credit/debit card numbers. Of the compromised cards, state officials believe only 16,000 were unencrypted, though the staggering social security breach affects more than half of South Carolina's 4.6 million population. Governor Nikki Haley held a presser earlier this afternoon confirming the attack — first uncovered by WLTX Columbia. “The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” said Haley before outlining steps that residents can take to discover if their information was exposed.

Millions of residents risk identity theft

Everyone who has filed a tax return in the state since 1998 is urged to call 1-866-578-5422. If you're among the unlucky millions, you'll be given a code that can be redeemed for a year of identity theft protection through Experian's ProtectMyID service. "I want this person slammed against the wall," said Haley of the perpetrator. Authorities have dismissed the possibility that the attack originated from within the United States and are focusing their search internationally. A number of law enforcement agencies have joined the effort including the FBI and US Secret Service.

Numerous attacks have been detected

An initial attack was launched August 27th, though it's believed no data was stolen during this first attempt. But two additional intrusions were recorded in September, according to the Department of Revenue, which was made aware of the situation by South Carolina's IT division on October 10th. "We worked with them throughout that day to determine what may have happened and what steps to take to address the situation," said Director James Etter. "We also immediately began consultations with state and federal law enforcement agencies and briefed the governor's office." Security firm Mandiant was recruited to assist in the state's investigation and develop tougher security protocols. Officials have chronicled their response efforts thus far in this document.

Too little, too late

Blindsided by such a sophisticated and malicious attack, Governor Haley signed an executive order calling for the state's government to improve information security policies. Previous regulations were uncoordinated and left South Carolina vulnerable, she said. Cyber security has become a priority of the Obama administration and other government representatives and it stands to reason that a real-world breach of this magnitude will bring that conversation back to the forefront in the days and weeks ahead. If there's any good to come of this, hopefully it will hasten efforts to develop a better and more secure identification system.