The details of 378,000 payment cards have also been exposed

Oct 27, 2012 09:14 GMT  ·  By

A group of cybercriminals have successfully managed to breach the systems owned by the South Carolina (S.C.) Department of Revenue. As a result of the breach, 3.6 million social security numbers (SSNs), 378,000 payment card numbers and other sensitive information has become exposed.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens,” said Governor Nikki Haley.

According to S.C. Department of Revenue representatives, most of the credit cards are protected by “strong encryption,” but the details of around 16,000 of them are unencrypted.

“On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” Department of Revenue Director James Etter said in a statement.

“We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office.”

According to the agency’s representatives, there wasn’t only a single intrusion. There was at least one attempt to breach the systems in late August, two attempts to probe the organization’s infrastructure in early September, and two break-ins in mid-September.

Law enforcement has been called in to investigate the crime. Also, the Department of Revenue contracted security firm Mandiant to assist the investigation and help secure the system to prevent future incidents.

The vulnerability which allowed the hackers to breach the computer system was patched up, but the issue is far from being over since the cybercriminals can at any time start abusing the information they obtained, if they haven’t done so already.

To prevent any unfortunate incidents, authorities are providing one year of credit monitoring and identity protection to the affected individuals. To enroll in these programs, all those who filed tax returns since 1998 are advised to immediately call 1-866-578-5422 or visit protectmyid.com/scdor.