A report into a large-scale security breach at the South Carolina tax collection agency has found that the state could have done more to avoid security failings and protect the personal information of just under 4million taxpayers who had filed tax returns since 1998.
IT security firm Mandiant, who compiled the report, pointed to two major mistakes made by the state that allowed hackers to obtain passwords and destabilise 44 operating systems using malicious software to steal social security numbers, unencrypted bank account numbers and 5,000 expired credit card numbers. The first mistake was that anyone trying to access the system did not require two different methods of verification and secondly, social security numbers were not encrypted.
The breach has led to the resignation of Department of Revenue Director Jim Etter, effective at the end of the year, and South Carolina Governor Nikki Haley acknowledged that mistakes were made when she addressed reporters at a press conference. She said: “We didn’t do enough. We should go above and beyond to make sure we do. That we had 1970 equipment, combined with the fact that we were IRS compliant, was a cocktail for an attack.”
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more