Gov. Nikki Haley said the state should have done more to protect taxpayers' information after the South Carolina Department of Revenue's records were hacked.
During a press conference at the State House on Tuesday, Haley announced official findings after Mandiant's investigation into the security breach, which affected 5.7 million taxpayers and their children's Social Security numbers.
Haley said in all, 3.8 million taxpayers who filed electronically along with 1.9 million dependents, 3.3 million bank account numbers, nearly 700,000 businesses and 500,000 expired credit card numbers were accessed by an international hacker.
All of the victims' information has been identified and officials are working to notify everyone affected, Haley said Tuesday. She said victims would receive a letter in the mail soon and those who had signed up for protection with Experian would receive an email as well.
Haley said the state should have done a better job to protect taxpayers' data, including encrypting their social security numbers. She said the state was operating with a 1970's era system and two major vulnerabilities that the Mandiant report identified.
She said the report discovered that SCDOR did not have dual verification to get into their system and did not encrypt the most sensitive information. She said the Internal Revenue Service does not require states to encrypt social security numbers but urged leaders to change this policy.
Haley also announced that the Director of Department of Revenue Jim Etter turned in his letter of resignation in the wake of the breach. He will remain on until Dec. 31 and Bill Bloom will serve as the interim director.
The international hacker breached SCDOR's system multiple times, Haley first announced in October. There was no new information released with regards to the state's criminal investigation.
Haley said taxpayers' information who filed via paper was not compromised in the breach but those who filed electronically since 1998 was made vulnerable.
Last week, Haley issued an executive order requiring all Cabinet agencies to comply with the Department of State Information Technology (DSIT) and requiring security monitoring 24 hours a day, seven days a week.
Since news of the breach was made public, a Greenville attorney filed a class-action lawsuit against Haley, SCDOR, Trustwave and DSIT in connection with a hacking case.
The state has set up a year of daily monitoring of the three credit bureaus and a lifetime of over-the-phone help on resolving identity theft after it happens through Experian. People are asked to visit protectmyid.com/scdor and enter code SCDOR123 or call 1-866-578-5422 to determine if their Social Security number was accessed.
Haley said the state is working with Experian to expand protection and will release more about it next week.
Haley said in a previous press conference that Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. She said the businesses can sign up for the service at dandb.com/sc or by calling 800-279-9881.
Copyright 2012 FOX Carolina (Meredith Corporation). All rights reserved.
Sunday, August 31 2014 3:28 PM EDT2014-08-31 19:28:29 GMT
Disturbing pictures of an injured kindergartner from Pascagoula have made a mother's call for action go viral online.More >
Disturbing pictures of an injured kindergartner from Pascagoula have made a mother's call for action go viral online. Friends and family of a Pascagoula kindergarten student have created a Facebook page and GoFundMe.com account claiming the girl was attacked on the playground this week by another student.More >