Massive privacy breach at US state tax agency

Powered by SC Magazine

Governor wants hacker brutalised.

A massive privacy breach in the US state of South Carolina earlier this month saw the personal data of roughly 3.6 million people — including 387,000 credit and debit card numbers — captured by an overseas hacker.

Of the credit card numbers, 16,000 were unencrypted. The rest were encrypted according to Payment Card Industry Data Security Standard (PCI DSS).

The breach at the South Carolina Department of Revenue was discovered on October 10 but a week later, investigators discovered two earlier attempts in September and October.

Security company Mandiant has been engaged to help tighten up processes, the state tax department said.

It has also set up a site to monitor attempts at identity theft after the attack.

South Carolina has a population of approximately 4.7 million, meaning the breach exposed personal information of over three-quarters of the state's residents.

The information included US social security numbers which, when matched to names and addresses, can be used for identity theft.

The Republican governor of South Carolina, Nikki Haley, announced the breach at a media conference and promised to aggressively pursue the miscreant responsible, according to TV station WLTX.

"I want that man just brutalised," Haley said. "I want him slammed against the wall."

Haley did not reveal any further information as to the hacker, but said she knew which overseas country he was in.

This isn't the first time South Carolingian computer systems have been breached and personal data captured, WLTX reported.

In April this year, 230,000 Medicaid patient records were sent via email by an employee of the federal health programme.

As late as August, 34,000 records of students, faculty and researchers were exposed by overseas hackers.

After the April hack, governor Haley had threatened to fire supervisors reponsible should another breach take place at state agencies.

Despite the recent hacks, South Carolina officials thought the state's computer systems, including the ones at the Department of Revenue, were safe.

Copyright © . All rights reserved.

Massive privacy breach at US state tax agency
Top Stories
Toll Group to go Google
Poaches Woolworths project manager.
How News Corp's CIO tackled skills in his race to the cloud
What to do when your team’s talents are no longer needed.
Photos: How Thodey transformed Telstra
From turbulent Trujillo to Australia's leading telco.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.