A massive privacy breach in the US state of South Carolina earlier this month saw the personal data of roughly 3.6 million people — including 387,000 credit and debit card numbers — captured by an overseas hacker.
Of the credit card numbers, 16,000 were unencrypted. The rest were encrypted according to Payment Card Industry Data Security Standard (PCI DSS).
The breach at the South Carolina Department of Revenue was discovered on October 10 but a week later, investigators discovered two earlier attempts in September and October.
Security company Mandiant has been engaged to help tighten up processes, the state tax department said.
It has also set up a site to monitor attempts at identity theft after the attack.
South Carolina has a population of approximately 4.7 million, meaning the breach exposed personal information of over three-quarters of the state's residents.
The information included US social security numbers which, when matched to names and addresses, can be used for identity theft.
The Republican governor of South Carolina, Nikki Haley, announced the breach at a media conference and promised to aggressively pursue the miscreant responsible, according to TV station WLTX.
"I want that man just brutalised," Haley said. "I want him slammed against the wall."
Haley did not reveal any further information as to the hacker, but said she knew which overseas country he was in.
This isn't the first time South Carolingian computer systems have been breached and personal data captured, WLTX reported.
In April this year, 230,000 Medicaid patient records were sent via email by an employee of the federal health programme.
As late as August, 34,000 records of students, faculty and researchers were exposed by overseas hackers.
After the April hack, governor Haley had threatened to fire supervisors reponsible should another breach take place at state agencies.
Despite the recent hacks, South Carolina officials thought the state's computer systems, including the ones at the Department of Revenue, were safe.