South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised
October 26th, 2012
07:56 PM ET

South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised

The Social Security numbers of millions of South Carolinians, as well as credit and debit card information for hundreds of thousands, have been hacked in what the state's governor described Friday as an international cyberattack.

"This is not a good day for South Carolina," Gov. Nikki Haley told reporters.

The governor explained that a "server that warehouses all our taxpayer information was breached and taxpayer information was stolen."

The state's Department of Revenue explained in a press release that it first learned of a possible breach on October 10, after which the state contracted information security firm Mandiant to conduct an investigation.

The "hole" in the system was closed October 20. Over the next several days, state authorities determined that more than 3.6 million Social Security numbers may have been affected. So, too, were 387,000 credit card numbers - though only 16,000 of those were unencrypted.

On Friday, state officials laid out efforts to determine what happened and protect the personal information of taxpayers. While noting that not everyone had their information breached, Haley urged everyone who filed a tax return in South Carolina from 1998 through now to take advantage of credit protection services being offered by the state.

"While we now have it protected, we want to make sure that everybody understands that our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem," the governor said.

soundoff (340 Responses)
  1. advocatusdiaboli

    As long as we have a governments more focused on fleecing the middle class (the rich NEVER pay taxes) for spending money on handouts. illegals, and welfare instead of spending the monies to benefit the middle class including protecting their dwindling wealth, this will continue. Vote for Obama if you like it how it is. Don't if you don't

    October 27, 2012 at 10:20 am | Report abuse |
    • Liberty Queen

      Lissen up, junior. The Shrub in Chief was brought into the presidency through a rigged election in 2000, specifically, by illegally altering the results in Florida which included, among other things, blocking off streets and preventing Black voters from getting to the polls, removing the names of Black voters from the polls, rigging the republican-owned Diebold voting machines, etc., ad infinitum. If it weren't for Obama, you would be in a bread line. And YES, my family is better off financially today that it was four years ago when we got rid of the hitlerwannbe and the jack-booted na zi republicans. And the Toilet Party, which is nothing but a bunch of white, womanhating, racist lardbutts whose only skill in life is sitting in front of the tv stuffing their self hating fat faces, need to do us all a favor and take their guns and shoot themselves. Obama/Biden already has the election in the bag, thank the Goddess! And we will keep the Senate and retake the House to prevent these na zis from their new world order. Power to the People!

      October 27, 2012 at 11:12 am | Report abuse |
    • Wes Scott

      Liberty Queen, the Diebold voting machine fiasco is not a thing of the past. Diebold sold out their voting machine business to Hart InterCivic which has, as one of its major owners, none other than Tagg Romney, son of Mitt Romney – the same guy who stated that he would like to take a swing at Obama. If you were concerned about vote rigging during the 2000 and 2004 elections, then you should be very concerned this time because now many voting machines being used in Texas, Ohio, Florida and several other states are owned and controlled by the son of the GOP candidate.

      If this bothers you, then call the Department of Justice and demand that any voting machines of a company owned by anybody with a direct or indirect vested interest in the outcome of this election be barred from being used. Also, demand that some organizations with deep pockets spend the money to file a demand for injunctive relief in the form of an injunction issued by a court of law barring use of those machines in this election.

      October 27, 2012 at 5:01 pm | Report abuse |
  2. Rich 3

    And the TP wants to deregulate everything....Like the contaminated spinal injections...They will regulate themselves...yea right...

    October 27, 2012 at 10:33 am | Report abuse |
  3. Jim

    Well, I guess you better stay in NYC, where the cops are cooking and eating women.

    October 27, 2012 at 10:37 am | Report abuse |
  4. Rich 3

    At least the gov doesn't have to worry as she probably hasn't paid state taxes in years

    October 27, 2012 at 10:40 am | Report abuse |
  5. Johntheman

    Damn diehard didn't you even take the time to read the article before you started spouting off ???
    It was the state's server which holds their tax information that was hacked !!!
    Damn man sometimes you just haven't got your sh- t together at all !!!

    October 27, 2012 at 10:55 am | Report abuse |
    • AGeek

      The obligation on the state is to *encrypt* the data so it's not sitting there like ripe cherries, waiting to be picked.

      October 28, 2012 at 9:15 am | Report abuse |
  6. Liberty Queen

    GOP (GeezersOrPigs) are conservatives? More like jack-bootedna zis. We will retain Obama's Presidency, the Democratic Senate and we will take back the House from these criminals who did everything they could to bring down the U.S. and world economy with the Shurb in Chief (2000 rigged election and 2004 more of the same). The gop are nothing but a bunch of womanhat ing naz is with "legitimate ra pe" (Todd Akin, republican) and "ra pe is a gift from god" (Richard Mourdock). Women for Obama/Biden 2012!

    October 27, 2012 at 10:57 am | Report abuse |
  7. rswon

    Do you actually WORK in IT. I doubt it. I work in a group that manages about $5 million dollars worth of servers, Linux, Solaris, Mac and Windows. Guess what? They ALL have vulnerabilities. We are constantly pushing out updates.

    October 27, 2012 at 11:03 am | Report abuse |
    • sanchanim

      So unless the hackers were able to decrypt the information they only really had immediate access to about 16,000 numbers.
      I am interested on how they were able to access what should be an internal system, for the most part. It is good that most of the data was encrypted, as that is your last level of protection. You can certainly limit port access, IP subnet access, and use two factor authentication.
      I would hope that other states would work with South Carolina and begin to implement stronger security policies. A lot of post mortem will need to be completed on this to find out exactly what happened, and how to prevent others from falling to the same type of attack.
      Nothing is totally safe, but IT security is risk mitigation. In this instance they mitigation was not strong enough. My only hope is that they will share their findings with others to strengthen the systems for all states as a whole.

      October 27, 2012 at 3:22 pm | Report abuse |
    • CBA in SC

      Actually, if you can believe it, the SSN's were **not** encrypted! That's what has me mad more than anything about his whole situation.

      October 27, 2012 at 8:18 pm | Report abuse |
    • nonliterit

      then you should at least encrypt all the life altering info we willing allow you, our employees, to hold for us. If you want to espouse the high tech equipment that is "so much more efficient" and promised, swore to, was safeguarded. So all you high tech guys cant guarentee crap. why do you call yourselves professionals. The equiipment is useless if you cannot safeguard the financial info of your employers. Go back to hardcopies and files til you sort it out. Until you do, you are snake oil salesmen.

      October 27, 2012 at 3:50 pm | Report abuse |
  8. arw

    "Experts agree that this type of deviant behavior is generally the result of living in close quarters, such as trailer parks"

    As I recall, a good amount of southerners are agriculturally based, you cannot produce crops in a 'trailer park'. It takes acres of land which most of us southerners have. However, bigger cites usually have cramped living in high rise apartments and town homes correct? So I completely agree that deviant behavior does come from living too close to other people.

    And to submit to the "southern ignorance" so many like to paint us with, ya'll up there in those big cities should really work on buying ya'll some land before some type of deliverance incident happens, bless your hearts.

    Sincerely,
    A South Carolina woman with all of her teeth, a mother and father who are in fact NOT related, and a BS in engineering.

    October 27, 2012 at 11:27 am | Report abuse |
  9. DavidL

    LOL advocatusdiaboli is a perfect example of GOP brainwashing. It is THEY, my friend, who are the ones who want to be able to control a cashless society, not the other way around. That's how brainwashing works, white is black and black is white. It's your world and welcome to it. The rest out us will gladly stay out of it. Thanks!

    October 27, 2012 at 11:28 am | Report abuse |
  10. DavidL

    Paul hit it right on the head. He is exactly right, and it is no wonder this happened in a CONservative state.

    Pauls' neds are fine....it's the republican meds that are the problem. Check yours.

    October 27, 2012 at 11:30 am | Report abuse |
  11. New Zealand

    711 Bat miss you

    October 27, 2012 at 11:34 am | Report abuse |
  12. boyscout

    Remind me again exactly what our "governmet" protects us from....................... I am not seeing it...

    October 27, 2012 at 11:36 am | Report abuse |
  13. boyscout

    Actually it would not surprise me at all if the hack was a guise and they sold the info to some corporation to bolster their piggy bank

    October 27, 2012 at 11:38 am | Report abuse |
  14. Equitable Response

    Credit monitoring services is a reasonable response from a bank not from the state. How about efforts to change those SSNs stolen. Working with Credit Card Companies to issue new Credit Card numbers. Maybe it's just me but If I just stole thousands of SSNs I would sit on them for 5-10 years until the people thought it all passed and then exploit them.

    How about a real solutions like:
    * encryption
    * social security number reform to uphold the law that it not be used for anything other than social security. i.e. a unique state tax id

    The response for the governments failure to adequately protect the tax information is stupid.

    Government says you must pay us or you will be fined. Continued failure to pay may result in charges and jail time. So the citizens comply. However, we will keep this on a server without having all the information encrypted. After the information is hacked the declaration is that the state is "that our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem" and just how is that large-scale plan going to be paid for? Oh, right more taxes.

    October 27, 2012 at 11:43 am | Report abuse |
  15. Bill from GA

    I would normally disagree with this kind of statement, but since the conservative republicans have taken over politics down here, those kind of statements seem to be more valid.

    That, and all the Yankee Carpetbaggers that come South for the better quality of life. But that's like peeing into a clear stream; the more that do it, the less sweet the water.

    October 27, 2012 at 11:47 am | Report abuse |
1 2 3 4 5 6 7 8 9 10 11 12 13