The South Carolina Department of Revenue says it used a third-party network monitoring service instead of the state's when a hacker breached its records.
In a report that came out Friday as part of a larger story by WISin Columbia, new information showed that the revenue department had access to free network monitoring through the state's IT department.
Some of that information was included in a letter faxed to the office of State Sen. Vincent Sheheen, D-27th District, from the director of the state's Division of State Information Technology (DSIT) Jimmy Earley on Thursday at 1:45 p.m.
FOX Carolina confirmed with Sheheen's office and DSIT that the letter was authentic and received a copy of it Friday morning. The letter lists approximately 180 state agencies, schools and government offices that requested DSIT network monitoring services to monitor traffic and identify unusual network activity.
The letter said that DSIT monitoring alerts an agency if something unusual is noticed, requiring the agency to address the incident. Among state agency customers receiving DSIT monitoring listed in the letter, the Department of Revenue was mentioned with an asterisk that said full network monitoring was instituted on Oct. 20, 2012.
Additionally, at the revenue department's request, DSIT did monitor certain workstation activity at their Gervais Street location but DSIT was not asked to monitor the system where the breached data was housed, as stated in the letter.
State officials have said the hacker made multiple breaches in August and September, and in a statement released from the revenue department last week, "the vulnerability in the system" was secured to the best of the department's knowledge on Oct. 20.
FOX Carolina received the following statement from a spokesperson for the Department of Revenue on Friday afternoon about their network monitoring system:
"The Department of Revenue used TrustWave, one of the world's leading information technology and data security firms, because the department, as with any entity handling credit card information, is required to be PCI compliant by the world's major credit card companies to safeguard financial information. DSIT, while a wonderful program, does not provide PCI compliance, and therefore the department was required to use a third-party vendor such as TrustWave."
FOX Carolina is now working to contact TrustWave for a statement about their product.
DSIT does not charge agencies for their services, as stated in an email sent to FOX Carolina from a state Budget and Control Board spokesperson.
As a result of the hack, approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers were accessed along with tax information for thousands of South Carolina businesses.
The state has set up a year of daily monitoring of the three credit bureaus and a lifetime of over-the-phone help on resolving identity theft after it happens. People are asked to visit protectmyid.com/scdor and enter code SCDOR123 or call 1-866-578-5422 to determine if their Social Security number was accessed.
Haley said Wednesday that Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. She said the businesses can sign up for the service at dandb.com/sc or by calling 800-279-9881 beginning at 8 a.m. Friday.
Copyright 2012 FOX Carolina (Meredith Corporation). All rights reserved.
Friday, August 29 2014 6:57 PM EDT2014-08-29 22:57:37 GMT
(Source: Roland Cooper State Park-Alabama/Facebook)
CAMDEN, Ala. (AP) - A gigantic alligator caught by a family in Alabama earlier this month has set a Safari Club International world record. AL.com reports a pair of master measurers from Safari Club InternationalMore >
A gigantic alligator caught by a family in Alabama earlier this month has set a Safari Club International world record. More >