Major mistakes made in South Carolina security breach

Hackers stole personal information

A report into a large-scale security breach at the South Carolina tax collection agency has found that the state could have done more to avoid security failings and protect the personal information of just under 4 million taxpayers who had filed tax returns since 1998.

IT security firm Mandiant, which compiled the report, pointed to two major mistakes made by the state that allowed hackers to obtain passwords and destabilise 44 operating systems using malicious software to steal social security numbers, unencrypted bank account numbers and 5,000 expired credit card numbers. The first mistake was that access to the system did not require two different methods of verification; the second was that social security numbers were not encrypted.

The breach has led to the resignation of Department of Revenue Director Jim Etter, effective at the end of the year, and South Carolina Governor Nikki Haley acknowledged that mistakes were made when she addressed reporters at a press conference. She said: “We didn’t do enough. We should go above and beyond to make sure we do. That we had 1970 equipment, combined with the fact that we were IRS compliant, was a cocktail for an attack.” 
