RALEIGH, N.C.--About 3.6 million Social Security numbers and some 387,000 credit and debit card numbers have been exposed in a cyber-attack on the South Carolina Department of Revenue Agency's database, a spokeswoman for the agency told BNA Oct. 26.
On Oct. 31, Gov. Nikki Haley (R) announced that tax information on as many as 657,000 businesses also was exposed.
According to the governor, business information exposed in the attack “is already public,” such as Employer ID numbers (EINs), account numbers, and Social Security numbers that may be associated with a company.
According to Samantha Cheek, the department's public information director, the agency currently is not aware of any misuse of victims' confidential information related to a cyber-attack on its system. “As this is an ongoing criminal investigation we cannot comment as to the origin of the attack,” she said.
In an Oct. 26 announcement, the agency said investigators found that the agency's system was hacked in early September and the taxpayer information appears to have been obtained in mid-September. The agency said it has addressed the vulnerability to its system and is working with state and federal law enforcement entities.
According to the revenue agency, the vast majority of the credit cards that were exposed were protected by “a strong encryption deemed sufficient under the demanding credit card industry standards to protect the data and cardholders.” However, some 16,000 affected credit cards were unencrypted, the agency said.
The state later said it believes that all credit card numbers exposed in the breach were for expired cards.
Taxpayers who have filed a South Carolina tax return since 1998 are potentially affected by the data breach. The state is offering one year of credit monitoring and identity theft protection to victims of the attack.
Following the announcement of the breach, Haley Oct. 26 issued an executive order (No. 2012-10) calling on South Carolina agencies to coordinate with the state Inspector General's Office in an effort to review and strengthen their information technology security procedures and protocols.
“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” Haley said in an Oct. 26 statement.
“We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected,” she said.
Haley said that Dun & Bradstreet will offer South Carolina businesses that have filed a tax return with the state since 1998 a free service that will alert them to changes that take place in their credit files. Changes in business address and officers are among those items being monitored, she said.
Dun & Bradstreet was scheduled to launch a website for enrollment Nov. 2 and also is offering a toll-free number, the governor said. The monitoring will be provided for free “for the life of the business,” according to Haley.
Out-of-state companies that filed tax returns with South Carolina also may access Dun & Bradstreet's services as well, Haley said in a Nov. 1 update to reporters.
In addition, Haley said, state officials have contacted the Federal Trade Commission and the Internal Revenue Service to inform those federal agencies of the data that had been exposed. She said that state officials are working with the IRS to allow South Carolina businesses to change their EINs if they so choose.
By Andrew M. Ballard
The executive order is available at http://governor.sc.gov/ExecutiveOffice/Documents/2012-10%20Reviewing%20IT%20Security.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).