South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised
October 26th, 2012
07:56 PM ET

South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised

The Social Security numbers of millions of South Carolinians, as well as credit and debit card information for hundreds of thousands, have been hacked in what the state's governor described Friday as an international cyberattack.

"This is not a good day for South Carolina," Gov. Nikki Haley told reporters.

The governor explained that a "server that warehouses all our taxpayer information was breached and taxpayer information was stolen."

The state's Department of Revenue explained in a press release that it first learned of a possible breach on October 10, after which the state contracted information security firm Mandiant to conduct an investigation.

The "hole" in the system was closed October 20. Over the next several days, state authorities determined that more than 3.6 million Social Security numbers may have been affected. So, too, were 387,000 credit card numbers - though only 16,000 of those were unencrypted.

On Friday, state officials laid out efforts to determine what happened and protect the personal information of taxpayers. While noting that not everyone had their information breached, Haley urged everyone who filed a tax return in South Carolina from 1998 through now to take advantage of credit protection services being offered by the state.

"While we now have it protected, we want to make sure that everybody understands that our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," the governor said.

soundoff (340 Responses)
  1. BobAD

    Just a way for the Republicans to steal IDs to Reg and Vote the State RED.

    October 27, 2012 at 7:48 am | Report abuse |
    • honest john

      SC always votes red anyways.

      October 27, 2012 at 8:11 am | Report abuse |
    • notasmartoneareya

      Makes sense... Except republicans want voter ID laws. Democrats skip all of that unnecessary work and just say they are someone else. With no ID law to challenge who says they aren't?

      October 27, 2012 at 8:24 am | Report abuse |
    • Thatguy371

      So, notasmartoneareya, are you aware of the fact that less than 100 cases of voter fraud happened last election cycle, NATIONWIDE? That is, unless you add in all the fraud perpetrated by the firm the repubs hired to supposedly 'sign up voters'.

      October 27, 2012 at 8:31 am | Report abuse |
  2. Vince P

    It's incomprehensible that Gov. Haley waited over two weeks to inform us our ID and credit card information was in dire risk!

    October 27, 2012 at 8:02 am | Report abuse |
    • Krista

      In addition to what you just said, they knew there was an issue in AUGUST and didn't let us know. Our state government is not informing us of threats that affect us. SHAME ON SOUTH CAROLINA DEPARTMENT OF REVENUE

      October 27, 2012 at 9:08 am | Report abuse |
  3. SilverHair

    SC is not a place to live, work or die. Get out while you still can.

    October 27, 2012 at 8:04 am | Report abuse |
  4. rgcnn

    Is it Windows system?

    October 27, 2012 at 8:07 am | Report abuse |
    • honest john

      Windows Network Security.
      Pick two.

      October 27, 2012 at 8:11 am | Report abuse |
    • J

      Macs are just as easily hacked. Blame Microsoft for having a 90% market share, much easier to hack something that runs 90% of the worlds computers.

      October 27, 2012 at 8:19 am | Report abuse |
  5. Betsy

    This is EXACTLY why we should have never become so dependent on computers for everything pertinent to living/existing... There seems to always be some lowlife out there that wants to compromise society.. If these people rerouted their negative energy into positive energy – what a wonderful world this would beee!!!

    October 27, 2012 at 8:30 am | Report abuse |
    • Jean Sartre

      It is NOT the COMPUTERS fault!

      State governments and corporations are just not up on internet security – it costs money – and they do not want to spend any money!

      Besides that, SS numbers, credits card numbers, banking numbers and all tax and personal information simply should NOT be on a server that can be accessed from any location outside the building!

      October 27, 2012 at 2:31 pm | Report abuse |
  6. Tom

    With this system being run by a government agency, the Sarbanes–Oxley act was probably in force, making them change all the passwords so often that no one can remember them, so they are all written down on yellow sticky notes and posted on the monitor.

    October 27, 2012 at 8:47 am | Report abuse |
  7. SixDegrees

    Why is any of this information stored unencrypted to begin with? The first rule of computer security, stringently practiced at those firms that are successful at it, is: assume the system will be broken into. Everything else you do needs to flow from that assumption, that there is a malicious intruder already present inside your system. That means you are scrupulous about setting file protections, a good password protection system is in place, and all sensitive data is both monitored in real time and encrypted – so even if it gets stolen, it will be worthless.

    These things are hard to do. They're well known. It is astonishing that so much of our personal information is stored on systems that don't even begin to implement these simple, basic measures.

    October 27, 2012 at 8:52 am | Report abuse |
    • Jean Sartre

      Additionally, you need multi-layered levels of security, so that once you get passed the 1st level, you are looking at another and another and another; do NOT make it simple for these cretins...

      October 27, 2012 at 2:35 pm | Report abuse |
  8. CalmDog

    Only 16,000 unencrypted Social Security numbers were stolen. Only 16,000. Well, that's good news.
    Without that 3.6 million number to compare it to, 16,000 stolen SS numbers would have been the lead story by itself.

    October 27, 2012 at 8:59 am | Report abuse |
    • bob572176

      I think it said only 16000 credit cards weren't encrypted not social security numbers they got all those.

      October 27, 2012 at 9:17 am | Report abuse |
  9. Chris G

    And what will the IRS do for you to makeup for this mistake, NOTHING. What do you have to do for the IRS when YOU make a mistake? EVERYTHING

    October 27, 2012 at 9:16 am | Report abuse |
    • Homie

      It wasn't an IRS computer, it was a NC state computer. Try reading the article before jumping to conclusions. Computer security was probably one area that Haley Barbour cut funding for. Now it will cost the state 10 times as much.

      October 27, 2012 at 9:41 am | Report abuse |
    • Chris G

      Thanks for telling me not to jump to conclusions and then instantly following up with "Probably" and jumping to a conclusion about a security budget. Good one, "homie"

      October 27, 2012 at 9:56 am | Report abuse |
    • JohnD

      @Homie You supposedly read the article and determined it was a "NC state" computer. LOL Also, please explain how the ex-governor of Mississippi could cut funding for SC.

      October 27, 2012 at 10:05 am | Report abuse |
    • Jean Sartre

      YOU try READING!

      It was a SC state computer!

      October 27, 2012 at 2:39 pm | Report abuse |
  10. bob572176

    In todays cyber world when are we going to learn that not all important information should be on computers. Every communist, dictator and other forms of government that don't like us are always out to get us. It's called cyber war fare maybe more expensive that a war.

    October 27, 2012 at 9:16 am | Report abuse |
  11. dazzle ©

    @little mister, once again stop hijacking my user name.

    October 27, 2012 at 9:22 am | Report abuse |
  12. john

    It's time to pass a law that puts the responsibility on the 'lender' to verify the individual who is opening an account is indeed the correct individual. It's as obvious to everyone today that having a name and a social security number is not proof of who you are any more than smoking is good for your heath. The same should apply to online purchases. I little more responsibility from those doing the selling would be nice.

    October 27, 2012 at 9:52 am | Report abuse |
  13. jeff

    This is the very reason why the SSI numbers were never intended to be used as a form of ID. Truth be told, the law is that your SSI number is not to be used for any other reason than the SSI program. This article is proof the banking system can't promise a secure system with digital banking, going to a cashless system would be an extreme security risk for everyone.

    October 27, 2012 at 10:04 am | Report abuse |
    • advocatusdiaboli

      Exactly. It's like having one universal password for all your assets begging thieves to crack it and get it all. This is why I am GOP, they are far from perfect, but being conservative is far better than too liberal with things like SSNs. It is better to be too slow with progress butt safe than too fast and make mistakes.

      October 27, 2012 at 10:24 am | Report abuse |
    • tony

      What has the GOP got to do with more SS number security???

      October 27, 2012 at 10:29 am | Report abuse |
    • john

      It was a state run server for filing taxes. Not a banking system.

      October 27, 2012 at 11:01 am | Report abuse |
    • Bill from GA

      Our President (he's a Dem, you know) is trying to get Congress to pass laws tightening network and internet security. But the republican House will not pass anything that Obama wants. In this case, they say it puts too big of a burden on Business.

      October 27, 2012 at 11:40 am | Report abuse |
    • Wes Scott

      advocatusdiaboli, if you will forgive me for saying so, you are an idiot. It was not "liberal" poilicies that started the use of the SSN for everything unrelated to Social Security, and it certainly was not "liberal" ideas that changed our banking laws and tax reporting laws to what they are today. In fact, under the George W. Bish administration, backed by a GOP Congress, much of what we are seeing today in cybersecurity lapses are the direct ressult of intentional amnipulation of the system for the benefit of "severely conservative" people. Don't let facts get in teh way of your anti-luberal bias.

      October 27, 2012 at 12:10 pm | Report abuse |
  14. One Truth

    I would bet money on it that she cut the budget for security on that database. Now how is she going to explain this? I am sure as an upstanding con, she will own the security failure and put a lot of money towards fixing the broken security she dismantled in the name of saving taxes!! I wonder... how those millions of suckers feel now with their party affiliation? They can take their tax cuts all the way to an internet fraud company all too willing to take their cash! Those poor fools!

    October 27, 2012 at 10:07 am | Report abuse |
    • advocatusdiaboli

      AS if Obama has a better way. Yes, she is a Tea Party tool, but Obama is not better.

      October 27, 2012 at 10:21 am | Report abuse |
    • HWB

      You fools can only take your spending habits all the way to Greece and die with those fools.

      October 27, 2012 at 10:28 am | Report abuse |
  15. One Truth

    I am sure the Russians are behind it! Since Mitt wants to go to war with them if he is elected... now he has a good excuse.

    October 27, 2012 at 10:08 am | Report abuse |
    • advocatusdiaboli

      Keep spouting your drivel. I am sure you'll work race baiting in in a post or two.

      October 27, 2012 at 10:22 am | Report abuse |
1 2 3 4 5 6 7 8 9 10 11 12 13