S.C. Security Blunders Show Why States Get Hacked
Governor blames data breach on Russian hackers and the IRS, but states' by-the-book IT ethos shows rules and regulations are the real culprit.
This holiday season, millions of people who live or work in South Carolina have a special treat in store: the potential for their identities and savings to get misused. That's thanks to the state's Department of Revenue having stored 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a single state employee clicked on a malicious email link, an attacker -- unnamed Russian hackers have been blamed -- was able to obtain copies of those records. The state has now urged anyone who has filed a tax return in South Carolina since 1998 to contact law enforcement officials. How could this happen? After attackers owned South Carolina's revenue systems, they were able to conduct weeks of reconnaissance undetected. That's because the Department of Revenue had opted out of the state's optional intrusion-detection-monitoring program. Thankfully, the U.S. Secret Service spotted some identity theft cases and seems to have traced the stolen information back to state tax returns. Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek