South Carolina was the latest victim of data theft by a hacker. According to a report released by Reuters, “As many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers used by state taxpayers” could have been stolen. This theft has put the residents of South Carolina at risk of being victims of identity theft. The investigation into the cause of the breach is in its early stages and so far investigators know that the hacker operated from a foreign IP address. Understandably Governor Nikki Haley is quite upset about the breach, and for good reason.
According to the article, not all of the data kept by the state’s Department of Revenue was encrypted. None of the Social Security numbers and about 16,000 credit card numbers kept by the government agency was encrypted. This fact points to a lapse in maintaining best practices for securing sensitive information. On the plus side, no public funds were stolen by the hacker, and the vulnerability that led to the breach was found and closed up. There is no telling what the stolen data may be worth, but if even a small amount of personal data is used for fraud, the cost to the citizens of the state will be huge.
It seems that there were multiple warning signs that South Carolina had security issues with their systems. According to a state official, two attempts were made to “probe” the South Carolina Department of Revenue’s network in September and one attempt was made in August. Also in September, two intrusions occurred in which the hacker was able to steal data for the first time. What’s more troubling is the fact that attacks against South Carolina’s government systems are not isolated to these instances at the department of revenue. Early in 2012 police arrested a South Carolina state health agency employee who stole the information of 230,000 Medicaid recipients. Additionally, a hacker was able to access the personal information of 34,000 students and faculty from the University of South Carolina. It would seem that whoever is in charge of maintaining the systems used by the government in South Carolina should assess and restructure the security practices of the state.
No comments:
Post a Comment