Massive privacy breach at US state tax agency

Powered by SC Magazine
 

Governor wants hacker brutalised.

A massive privacy breach in the US state of South Carolina earlier this month saw the personal data of roughly 3.6 million people — including 387,000 credit and debit card numbers — captured by an overseas hacker.

Of the credit card numbers, 16,000 were unencrypted. The rest were encrypted according to Payment Card Industry Data Security Standard (PCI DSS).

The breach at the South Carolina Department of Revenue was discovered on October 10 but a week later, investigators discovered two earlier attempts in September and October.

Security company Mandiant has been engaged to help tighten up processes, the state tax department said.

It has also set up a site to monitor attempts at identity theft after the attack.

South Carolina has a population of approximately 4.7 million, meaning the breach exposed personal information of over three-quarters of the state's residents.

The information included US social security numbers which, when matched to names and addresses, can be used for identity theft.

The Republican governor of South Carolina, Nikki Haley, announced the breach at a media conference and promised to aggressively pursue the miscreant responsible, according to TV station WLTX.

"I want that man just brutalised," Haley said. "I want him slammed against the wall."

Haley did not reveal any further information as to the hacker, but said she knew which overseas country he was in.

This isn't the first time South Carolingian computer systems have been breached and personal data captured, WLTX reported.

In April this year, 230,000 Medicaid patient records were sent via email by an employee of the federal health programme.

As late as August, 34,000 records of students, faculty and researchers were exposed by overseas hackers.

After the April hack, governor Haley had threatened to fire supervisors reponsible should another breach take place at state agencies.

Despite the recent hacks, South Carolina officials thought the state's computer systems, including the ones at the Department of Revenue, were safe.

Copyright © iTnews.com.au . All rights reserved.


Massive privacy breach at US state tax agency
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1065

Vote