Up to 657,000 businesses hit in South Carolina hack

As the investigation into the South Carolina breach continues, security firm Mandiant has found that up to 657,000 businesses may have been compromised.
Written by Michael Lee, Contributor

The security company investigating the South Carolina breach has found new evidence that up to 657,000 businesses are potentially at risk of attack.

Last week, it was revealed that a server holding taxpayer and credit card information belonging to South Carolina residents was breached by an international hacker, exposing 387,000 credit cards and 3.6 million social security numbers. The company hired by the US Secret Service to investigate the breach, Mandiant, has now found that up to 657,000 businesses may also have been compromised.

South Carolina Governor Nikki Haley confirmed that businesses were affected during a press conference this week, but stated that from the batch of information currently available, 657,000 represented the maximum number and that due to duplicates of information, the number of businesses effected could be lower.

Haley and the state Department of Revenue is now the subject of a class action lawsuit headed up by former Richland County Senator John Hawkings, who operates Hawkings Law Firm. Hawkings described the breach as a Category 5 "cyber hurricane", and based the lawsuit on Haley and the department being negligent to prevent the breach and failing to notify the public of it in a timely manner.

"For Governor Haley to say this hacking was not preventable is like saying we can't prepare for hurricanes because we don't know they're coming. In this day and age, we know we're going to get a certain amount of hurricanes, and we know hackers are going to try to get our information. That's why we take reasonable steps to prepare for both."

When questioned on the lawsuit, Haley smiled and dismissed Hawkings' attack, stating that "there is a trial lawyer with a hand out and a tissue ready at any crisis, and he has just proven that".

The state has since teamed up with Dun & Bradstreet Credibility Corporation to provide free fraud monitoring to businesses and Experian for individuals. As of yesterday morning, it has signed on 521,000 individuals to Experian's ProtectMyID program, but is still urging residents to enrol. Signing individuals and businesses on to fraud detection and protection schemes has become the state's focus, with it only able to inform residents of the services, as enrolling them against their will would be considered illegal.

According to the Associated Press, Haley has since cancelled her campaign in support for Mitt Romney in order to focus on the hacking investigation.

Editorial standards