SCDOR breach exposes Social Security, debit and credit card info

-A A +A

Cyber attack exposes nearly 4M taxpayer numbers

from S.C. Department of Revenue

COLUMBIA – The S.C. Department of Revenue announced Friday that about 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack.

Of the credit cards, the vast majority (all but about 16,000) are protected by strong encryption deemed sufficient under demanding credit card industry standards to protect the data and cardholders.

“Taxpayer information was stolen,” S.C. Gov. Nikki Haley said in a Friday afternoon news conference at the State Law Enforcement Division (SLED).

The breach began in August, officials said, but didn’t come to the attention of law enforcement until early October.

DOR Director James Etter said the agency was informed of a potential cyber attack involving personal taxpayer information Oct. 10. According to officials, no public funds were accessed or put at risk.

“From the first moment we learned of this, our top priority has been to protect the taxpayers and citizens of South Carolina, and every action we’ve taken has been consistent with that priority,” Etter said. “We have an obligation to protect the personal information entrusted to us, and we are redoubling our efforts to meet that obligation.”

Etter said the agency has been working with the S.C. Division of Information Technology to figure out what happened and what steps to take to address the situation. SCDOR is also working with state and federal law enforcement agencies and the governor’s office during the investigation.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the state of South Carolina and all our citizens,” Haley said. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.”

Upon the recommendation of law enforcement officials, DOR contracted Mandiant, one of the world’s top information security companies, to assist in the investigation, help secure the system, install new equipment and software and institute tighter access controls.

On Oct. 16, investigators uncovered two attempts to probe the system in early September, and later learned a previous attempt was made in late August.

In mid-September, two other intrusions occurred and to the best of the department’s knowledge, the hacker obtained data for the first time. No other intrusions have been discovered. 

On Oct. 20, the vulnerability in the system was closed and, to the best of the department’s knowledge, secured.

What to do

To protect taxpayers, the state will provide those affected with one year of credit monitoring and identity theft protection.

Anyone who has filed a South Carolina tax return since 1998 is urged to visit protectmyid.com/scdor or call (866) 578-5422 to determine if their information is affected. The call center is open 9 a.m.-9 p.m. Monday through Friday and 11 a.m.-8 p.m. Saturday and Sunday.

Then you will determine if you wish to have an online or U.S. mail alert mechanism.

For the online service, visit http://www.protectmyid.com/scdor. For the mail service, you will receive notifications via the U.S. mail.

If affected, the taxpayer can immediately enroll in one year of identity protection service provided by Experian that detects, protects and resolves potential identity theft. The service includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year, and consumers will continue to have access to fraud resolution agents and services beyond the first year.

In addition to the Experian service, state officials urge individuals to consider additional steps to protect their identity and financial information, including:

• Regularly review credit reports

• Place fraud alerts with the three credit bureaus

• Place a security freeze on financial and credit information with the three credit bureaus.

If credit card information is compromised, the best protection is to have the bank reissue the card. Anyone who has used a credit card in a transaction with the Department of Revenue should check bank accounts regularly to see if any unauthorized charges have occurred.

If so, the cardholder should contact the credit card issuer immediately by calling the toll-free number on the back of the card or on a monthly statement, tell them what you have seen and ask them to cancel and reissue the card. Consumers should also change any credit card web account passwords immediately when unauthorized charges are detected.


See video