"Approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack," the South Carolina Department of Revenue announced on October 26, 2012. Anyone who has filed a tax return in South Carolina from 1998 through 2012 may have had their Social Security number, credit card number or debit card number compromised by the data theft. The Department of Revenue has set up a special telephone hotline (1-866-578-5422) and special Web page (http://www.sctax.org/security.htm) to assist South Carlina taxpayers.
"This incident affects more than three-quarters of South Carolina's 4.6 million population," reports Anthony Kosner at Forbes.
South Carolina's Governor Nikki Haley said, "We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected."
State government officials urged taxpayers to review their credit reports, place fraud alerts with credit reporting bureaus, and to place security freezes with the credit bureaus.
Taxpayers may also consider monitoring their bank and credit card statements closely for transactions they do not recognize.
South Carolina's Division of Information Technology informed the Department of Revenue of a potential attack on their computer network systems involving the theft of taxpayer data on October 10, 2012, and investigations were begun. On October 16, investigators discovered that at least five attempts had been made to probe the Department of Revenue's computer systems and that data had been stolen in mid-September. The state claims that the security vulnerability was closed by October 20, and that their computer system is now "to the best of the department's knowledge secure." A more detailed chronology of the events that transpired is available on the Department of Revenue's Web site.
"The breach is easily the biggest involving Social Security Numbers this year," reports Jaikumar Vijayan at NetworkWorld. "The previous biggest loss of SSNs this year happened when hackers believed to be operating out of East Europe broke into a Medicaid server at the Utah Department of Health in March and accessed closed to 280,000 SSNs and close to 500,000 other records involving less sensitive personal data."
USA Today reports this is "one of the largest computer breaches in the state or nation."
The Clarion Ledger reports, "The officials' actions, however, are shrouded in mystery. [State Law Enforcement Department Chief Mark] Keel and representatives of the Secret Service refused to say whether taxpayers paid a ransom to the hacker to retrieve the database." The Ledger also notes that "officials refused to say whether the database has been retrieved" and "refused to answer the question of whether the database may have been copied."