SC Senate panel looks into SCDOR hacking - FOX Carolina 21

SC Senate panel looks into SCDOR hacking

Posted: Updated:
Outgoing Director of SCDOR Jim Etter testifies before the panel. (Nov. 28, 2012/FOX Carolina) Outgoing Director of SCDOR Jim Etter testifies before the panel. (Nov. 28, 2012/FOX Carolina)
SC Sen. Kevin Bryant begins the hearing in Columbia. (Nov. 28, 2012/FOX Carolina) SC Sen. Kevin Bryant begins the hearing in Columbia. (Nov. 28, 2012/FOX Carolina)
COLUMBIA, SC (AP/FOX Carolina) -

State senators are investigating a massive tax breach at South Carolina's tax collection agency that exposed the unencrypted data of 3.8 million individual filers and 700,000 businesses.

A Senate oversight panel created earlier this month held its first meeting Wednesday morning.

During the meeting, officials testified that on Aug. 13, a computer hacker sent multiple malicious emails, otherwise known as phishing emails, to employees at the South Carolina Department of Revenue. These emails purported to come from the tax agency and asked users to click on a link to confirm a pending wire transfer.

Marshall Heilman with Mandiant, the computer security firm hired by the Revenue Department on Oct. 12 to determine what information was taken and how, said an employee clicked on that link, opening the door for the hacker to operate undetected for weeks.

"In this particular case if the DOR had multi-factor authentication, the hacker would not have been able to log on using those credentials," Heilman testified.

He said multi-factor authentication would have required the hacker to use more than one method of identification to log on to the system. Heilman also said their services will cost the state $700,000.

Heilman said they know whose user account was connected to the breach and that the international hacker used phishing emails to breach the system.

Along with Heilman, other state officials testified before the panel Wednesday morning including outgoing Director of the South Carolina Department of Revenue Jim Etter, who turned in his letter of resignation in the wake of the breach and will remain on until Dec. 31.

Mandiant said SCDOR did not encrypt any taxpayers' social security numbers and some financial information was left vulnerable. Etter said that the state considered encryption in 2006, but it would have cost too much.

"It would be very expensive and cost ineffective," Etter said. "It would have cost about $5 million."

Etter also had to answer questions as to why the tax agency was without a computer security chief for almost a year, until this August. He said there was not enough money to hire a qualified person, delaying the search and hiring of someone.

"We moved as fast as we could," Etter said. "We are not competitive with the private sector and trying to find someone to move into this position is very difficult."

Panel co-chairman Kevin Bryant of Anderson has said the subcommittee's job is to find out who's responsible for the agency's lax computer security. Bryant said he was upset to hear that simple and relatively inexpensive measures could have prevented the attack.

"These professional hackers are very good," Bryant said. "but like I mentioned, the lion doesn't go to the head of the pack to eat lunch. So evidently we were the easiest to get into."

So far, the attack has cost the state $12,700,000, which includes monitoring services from Experian and fees paid to Mandiant to investigate the breach, making the $5 million cost in 2006 to encrypt all the date look like a good deal.

The state has set up a year of daily monitoring of the three credit bureaus and a lifetime of over-the-phone help on resolving identity theft after it happens through Experian. People are asked to visit and enter code SCDOR123 or call 1-866-578-5422 to determine if their Social Security number was accessed.

Haley said in a previous press conference that Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. She said the businesses can sign up for the service at or by calling 800-279-9881.

Copyright 2012 FOX Carolina (Meredith Corporation). All rights reserved. The Associated Press contributed to this report.

More News

SIDEBAR - More stories on SCDOR hacking case


More stories on the South Carolina Department of Revenue hacking investigation. More>>

Powered by Frankly
Fox Carolina
Powered by WorldNow CNN
All content © 2018, WHNS; Greenville, SC. (A Meredith Corporation Station) . All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.