South Carolina cyber attack exposes millions of social security numbers

Criminals have stolen approximately 3.6 million social security numbers and 387,000 credit card numbers in South Carolina. The cyber attack was confirmed by the South Carolina Department of Revenue on Friday 26 October. To mitigate the potential consequences of the intrusion, the state is offering affected citizens a free one-year credit monitoring and identity theft protection package.

All current and former South Carolina residents that have filed a tax return since 1998, which is more than 75 per cent of the state's 4.7 million residents, are affected by the security breach. The SC Department of Revenue said that it became aware of the attack on 10 October. An investigation revealed that the attacks had been carried out since the end of August, and that data was first harvested in mid-September. The security hole that led to the data leak was closed on 20 October. No further vulnerability details have been disclosed – the authority simply calls it "the hole".

Apparently, most of the 387,000 credit card numbers are protected by strong encryption mechanisms, but about 16,000 credit card numbers were left unencrypted. South Carolina residents and former residents who have moved away from the state in recent years can use a link or hotline to register for the free one-year credit monitoring and identity theft protection scheme; the service is provided by Experian. Also, the state protection scheme will continue to be available beyond the first year, but the SC Department of Revenue's press release doesn't mention whether the state will continue to pay for that extended service.

(crve)