IT officials in the state informed the DOR of suspicious activity on Oct. 10. According to a press release issued by the DOR, officials acted upon advice from law enforcement and engaged Virginia-based Mandiant, a global information security firm. The contractor is helping investigate the incidents, secure the system, deploy new software and related equipment, and modify access policies. Intelligence gathered since the discovery suggests that following several attempts to access the system, hackers successfully obtained taxpayer data in mid-September.
People who filed a tax return in South Carolina since 1998 should call 1-866-578-5422 or visit Experian’s Protect My ID website to see if their information was exposed as a result of the DOR breach.
A remedy commonly offered by organizations to customers whose data is hacked is being replicated by state officials in South Carolina: one year of credit monitoring and identity protection services, paid for by the state.
Cyberattack in South Carolina: By the Numbers Current population of South Carolina: 4.6 million Social Security numbers compromised: 3.6 million Total number of credit and debit cards exposed: 387,000 Number of exposed cards that are unencrypted: 16,000 |
"From the first moment we learned of this, our top priority has been to protect the taxpayers and the citizens of South Carolina, and every action we’ve taken has been consistent with that priority," said Department of Revenue Director James Etter in a news release. "We have an obligation to protect the personal information entrusted to us, and we are redoubling our efforts to meet that obligation."
The DOR attack is the second time this year that a government agency in South Carolina has suffered from a major breach. In April, more than 225,000 Medicaid records were transferred by a South Carolina Department of Health and Human Services employee to a personal email account.
Attempts to interview a DOR official were unsuccessful, but Gov. Nikki Haley and Law Enforcement Division Chief Mark Keel held news conferences about the breach Oct. 29 and Oct. 26.