South Carolina suffers theft of 3.6M social security numbers

South Carolina suffers theft of 3.6M social security numbers

Summary: A hacker has compromised a server holding social security numbers and credit card information belonging to South Carolina residents, but the state is not going to go down without a fight.

SHARE:

A server holding taxpayer and credit card information of residents of the US state of South Carolina has been breached, resulting in the exposure of 3.6 million social security numbers and 387,000 credit cards.

In a press conference late last Friday in the US, representatives from the state Department of Revenue confirmed the breach and the fact that, of the credit cards, 16,000 were stored without encryption.

State Law Enforcement Division Chief Mark Keel told reporters that the investigation so far had revealed that the intrusion had occurred as early as August 27 this year, and had confirmed that the IP address through which the attack originated was foreign in nature.

US Secret Service Agent Michael Williams said that its agency received information regarding a possible incident on October 10, and it was at this point that other law enforcement agencies and the governor were informed of the breach.

As part of its response, independent information security company Mandiant was engaged to provide advice on how to proceed. Mandiant Director Marshall Heilman said that its first steps were to remove the attacker's known access, deter the attack with additional security measures, and enhance the systems' logging to enable law enforcement to detect if the attacker returned.

"These types of breaches are not uncommon — they actually happen every day. Most of them do not make the news, unless they are very large," Heilman said.

South Carolina Governor Nikki Haley has already appointed Inspector General Patrick Maley to further look at the state's information security measures. Maley said that its first plan of order is to establish a full time task force to examine each of the state's systems and "triage" them.

But Haley is not just taking a defensive approach to the breach, stating that she wants the person held accountable for their actions, and "slammed against the wall."

"South Carolina has come under attack, but South Carolina is going to fight back in every way possible," she said.

"It's no longer about just inside hackers, it's about international hackers.”

"Our state will respond with a big, large-scale plan that is somewhat unprecedented, to take care of this problem."

However, with the investigation still ongoing, Keel has stated that "no further information regarding specifics of the investigation will be released at this time," as the disclosure of more information could hinder efforts to bring the hacker to justice.

Haley asked South Carolina residents for patience, stating that "when any law enforcement division tells you, 'this will hurt our situation for this to get out', we need to be conscious of the fact that we need to let them to their job."

"What were my instructions to [law enforcement]? Slam him to the wall. The only way I can make sure that can happens is that I give them the ability to do their job without any confusion, and be able to get this person. That's what I want. I want to be able to get this person and make sure he can never do this to any body or any state."

Topics: Security, Government, Government US

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • coverup of incompetence

    There is no excuse for credit card data to be unencrypted.

    This is a typical political scam to coverup the damage they did. Everyone knows better than to believe the Governor's lame explanation for censorship of questions about this.
    rp518
    • Nikki take it in the ass

      Nikki Nikki Nikki.
      Busty rusty
  • Please change the headline

    Clearly the headline and article don't match. How about "South Carolina Gives Sensitive Financial Information To Criminals"? That is a closer match. The 'suffering' involved won't be South Carolina's, it will be that of those who's information was put out for the taking and then were not told about it. There need to be criminal sentences and jail time for those who allowed it and those failed to detect it and those who covered it up for so long. Not that these are remotely likely.
    zdnet@...
  • Oh yea

    Now that the horse is gone lock that barn door.
    Altotus
  • Typical Republican response!

    The governor doesn't want to take any responsibility at all!
    jon6er
  • Nikki blows more hot air than hurricane Sandy

    Nikki Haley talks tough but the damage is done. When she should have been taking care of the state of South Carolina's business she was on FOX news stumping for Romney. She figures she'll get a nice federal appointment if he gets elected and someone else will have to clean up her mess. They knew about this in August it is now almost November, guess who will pay for all this ID theft protection and this new task force. The citizens of South Carolina will get screwed twice.
    saminsc
  • Slamed against the wall?

    The people who should be slammed against the wall are the officials in SC that didn't protect the data and who tried to cover it up instead of warning the citizens that were effected. The SC police have no ability or power to fine the hacker in Europe and arrest him. The only people who will get slammed to the wall are the citizens whose data was lost. How about a class action suit against Nikki Haley and her underlings for misfeasance and nonfeasance?
    john_gillespie@...