South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised
October 26th, 2012
07:56 PM ET

South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised

The Social Security numbers of millions of South Carolinians, as well as credit and debit card information for hundreds of thousands, have been hacked in what the state's governor described Friday as an international cyberattack.

"This is not a good day for South Carolina," Gov. Nikki Haley told reporters.

The governor explained that a "server that warehouses all our taxpayer information was breached and taxpayer information was stolen."

The state's Department of Revenue explained in a press release that it first learned of a possible breach on October 10, after which the state contracted information security firm Mandiant to conduct an investigation.

The "hole" in the system was closed October 20. Over the next several days, state authorities determined that more than 3.6 million Social Security numbers may have been affected. So, too, were 387,000 credit card numbers - though only 16,000 of those were unencrypted.

On Friday, state officials laid out efforts to determine what happened and protect the personal information of taxpayers. While noting that not everyone had their information breached, Haley urged everyone who filed a tax return in South Carolina from 1998 through now to take advantage of credit protection services being offered by the state.

"While we now have it protected, we want to make sure that everybody understands that our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," the governor said.

soundoff (340 Responses)
  1. Frank Pierce

    Cyber security or insecurity?

    October 28, 2012 at 12:04 am | Report abuse |
  2. Steve Lyons

    Here is a radical solution to stopping refund fraud.

    Stop collecting income taxes all together.

    Here is the reasoning. If government collects taxes (fees) for services rendered, they do not owe anyone for excess taxes paid. By eliminating the need for any refunds, they eliminate an entire opportunity for fraudulent refunds.

    October 28, 2012 at 12:10 am | Report abuse |
    • GregB

      Well said

      October 28, 2012 at 12:55 am | Report abuse |
  3. Jason

    Hmmmm is the article truth, or fiction.

    October 28, 2012 at 3:20 am | Report abuse |
  4. Michael

    @66Biker _ I think Hug's point was basically that if the state had been in compliance with PCI-DSS and had actually encrypted the portion of the SSN that should have been obfuscated than there would be no worry and the state wouldn't be in the news. The fact that this is a story points to the idea that they were not in compliance. Personally I like it, keeps IT security guys like me employed. And also supports my continuing and ongoing argument that management is not to be listened to when it comes to security. Mgmt. is always worried about the bottom line in terms of "make it easy for the employee" to remember passwords etc.

    My advice, leave it to us "paranoid" IT security folks and in the long run our strategic "paranoia" will keep the bottom line secure and businesses out of the news for such stupidity.

    October 28, 2012 at 3:41 am | Report abuse |
  5. Pat

    Will social security checks be involved in this since they have ss numbers?

    October 28, 2012 at 4:04 am | Report abuse |
  6. mike

    It's a red state, the worst that can happen is someone else gets their food stamps.

    October 28, 2012 at 4:09 am | Report abuse |
  7. griffbos

    my question is why some 17 days after they knew the State is now releasing this information, the public should have been warn much sooner, and why did it take 10 days to close the hole in their securitythey saying penney wise pound foolish comes to mind here...............

    October 28, 2012 at 5:30 am | Report abuse |
  8. TheBob

    Nikki Haley is known to be quite loose with the caboose. It's not surprising that her state is also loose with the goods. Nikki has several unsecured holes herself, which have been breached numerous times. It's all good.

    October 28, 2012 at 7:18 am | Report abuse |
  9. TeenBo

    And now we're supposed to trust the government with all of our medical information too?

    October 28, 2012 at 8:11 am | Report abuse |
  10. JoSchmo

    She probably sold them to her friends and family in India so they can come here and take our jobs - or steal our retirement. Don't EVER trust an Indan - they take care of their own.

    October 28, 2012 at 8:35 am | Report abuse |
    • Randomgirl

      The article never mentions anything about India. Looks like you have something against Indians.... FYI, Indian community has lowest crime rate in US, they are the most law abiding minority that US can have.
      Anyways, please dont base your opinions depending on few experiences you may have had.

      October 28, 2012 at 9:09 am | Report abuse |
    • randy

      yes the Indies are wonderful people. But I am tired of them winning our jobs by undercutting bids.

      October 30, 2012 at 7:34 am | Report abuse |
  11. Connie

    The joke is on them if they hacked mine

    October 28, 2012 at 8:59 am | Report abuse |
  12. Kevin Gipson

    People that hack deserve capitol punishment.

    October 28, 2012 at 9:23 am | Report abuse |
    • Nunya

      Actually it serves a good purpose. Finds holes in the security systems. Make us better prepared for the cyber wars to come.

      October 28, 2012 at 9:46 am | Report abuse |
    • dr blais

      some hacks are evil just like with any group of people there are some bad people in it. wall street bankers and politicians are more dangerous as whole to society. most hackers are not evil. most of them do more good than harm. if you like your smart phone and your PC thank a hacker for helping make it possible.
      They.should not go to jail .they should be offered jobs in improving security..

      October 28, 2012 at 1:33 pm | Report abuse |
  13. Alkebu

    At this stage of the game, someone should at the very least loose their job over this transgression simply because the federal, state, and local governments should be very aware and savvy enough to thwart this sort of "Cyber Crime"... So no more excuses for information mining and corporate espionage. This nation should be able to guarantee all personal information security.

    October 28, 2012 at 9:29 am | Report abuse |
    • dr blais

      recall all republicans yep they run that state

      October 28, 2012 at 1:34 pm | Report abuse |
  14. Shari Poole

    I was a victim of this on sunday October 28. Many Internet purchases were made using my debit card. The bank put a freeze on my account. I am very upset that our state government was so irresponsible with my personal information. You offer free credit reporting. Who is paying for this? I am guessing me, a tax payer of South Carolina. I am VERY DISAPPOINTED. Someone is not doing their job and probably shouldn't be employed.

    October 29, 2012 at 11:46 am | Report abuse |
    • randy

      I am sorry you were compromised. What is bad too is that it is going to cost the taxpayers millions upon millions to undo this hack.

      hey Govenor! who was the sub contractor that hosted the data?

      October 30, 2012 at 7:30 am | Report abuse |
    • tazgadon

      The worst part is you do nothing companies lose your information and you have to pay for it...not to mention all of a sudden credit protection agency are making a killing.

      November 4, 2012 at 4:12 pm | Report abuse |
  15. ColaSouthCarolina

    SHE'S NOT FROM INDIA!!! SHE'S INDIAN – A NATIVE AMERICAN INDIAN

    October 29, 2012 at 12:22 pm | Report abuse |
    • Kat

      Nope. A two second look at Wikipedia would confirm for you that her family is Indian. F for effort.

      October 29, 2012 at 12:38 pm | Report abuse |
1 2 3 4 5 6 7 8 9 10 11 12 13