Slashdot Mirror

← Back to Stories (view on slashdot.org)

South Carolina Department of Revenue Hacked, 3.6 Million SSNs Taken

Posted by Soulskill on from the boy-are-their-faces-red dept.

New submitter Escape From NY writes "3.6 million Social Security numbers and 387,000 credit and debit card numbers were stolen from the SC Department of Revenue. Most of the credit and debit card numbers were encrypted — all but about 16,000. There were several different attacks, all of which originated outside the country. The first they're aware of happened on August 27, and four more happened in September. Officials first learned of the breach on October 10, and the security holes were closed on October 20. This is still a developing story, but anyone who filed a SC state tax return since 1998 my be at risk. Governor Nikki Haley today signed an executive order (PDF) to beef up the state's IT security."

20 of 112 comments (clear)

  1. Love their response by Anonymous Coward · · Score: 2, Informative

    No worries, every single citizen of South Carolina--just call this skeevy company that offered us free credit protection and give THEM your personal info too.

    And also, the phone lines are busy. And the website doesn't actually work. And the offer is just a scam to try to try to get you on the hook for their "upgraded" service, which you'll never be able to cancel.

    Sorry, you didn't expect the state to actually PAY to fix this mess did you?

    Also, the Governor forgot to mention that one of her first acts in office was to order her agencies to cut their IT staff as much as possible (in hopes of creating a statewide Department of Administration that would answer only to her). What could possibly go wrong, huh?

    1. Re:Love their response by Anonymous Coward · · Score: 2, Funny

      That's OK. Security's fixed now; the governor signed an executive order that made it so.

  2. why bother by Rivalz · · Score: 3, Insightful

    obviously there is no repercussions to the vendors, administration and IT staff.

  3. So when is someone going to swing? by Tastecicles · · Score: 4, Insightful

    This is yet another fine example of Government security doing its usual - leaking like a sieve, in clear violation of Statutory data security requirements. I'll make a prediction right here: some anonymous H1B or lowly DEC will catch it and be fired, notwithstanding the fact that the buck should stop not there, but at the feet of the DCM or the Executive who will continue to collect seven digit salaries.

    --
    Operation Guillotine is in effect.
    1. Re:So when is someone going to swing? by penix1 · · Score: 4, Insightful

      I'll play devil's advocate here...

      The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.

      Two things come to mind...

      Be careful what you wish for. You just may get it!
      and
      You get what you pay for.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    2. Re:So when is someone going to swing? by Obfuscant · · Score: 4, Insightful

      The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them.

      Sorry, mate, but I'm one of the ones who says "less government", and I also say "stop doing things for me that I can do better myself." Trying to paint all people who call for less government with the same brush as those who feel the government should be a nanny state is a mistake, and leads to a sloppy and fatally flawed argument.

    3. Re:So when is someone going to swing? by Havokmon · · Score: 4, Interesting

      I'll play devil's advocate here...

      The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.

      Two things come to mind...

      Be careful what you wish for. You just may get it! and You get what you pay for.

      Nope. SC is accepting credit cards. They are under the same requirements (PCI) as all other MERCHANTS who wish to accept credit card payments. They weren't PCI compliant (I'll go out on a limb and 'guess' that's the case), and they got hacked.

      They need pay the fine to Visa. That'll be interesting to see how that happens.

      I walked out of a company, where I built the IT and PCI Compliance, because exactly what the parent says will happen - does happen. I just got out before the morons in charge let us get hacked and I got fired for their idiocy. I can only imagine what happened to the IT guys at CardSystems.

      --
      "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
    4. Re:So when is someone going to swing? by Obfuscant · · Score: 4, Insightful

      So when the crime rate goes up because of your less government you will remain silent right?

      Unfortunately for your rant, the things you want to claim I've been calling for less of aren't. You don't know, so please stop making a fool of yourself.

      When the hurricane hits the east coast next week you won't have a single comment on how the government handles the response right?

      Yes, I will. I will say "those idiots who build houses on a coast that both erodes on a regular basis and is innundated by storms should not get taxpayer support in rebuilding. They chose to live there despite the dangers, they should assume the risk.

    5. Re:So when is someone going to swing? by lgw · · Score: 3, Insightful

      So when the crime rate goes up because of your less government you will remain silent right? When your house burns down because they closed the fire department that was closest to you you won't complain right?

      Texas has no income tax yet has fire departments, police departments, schools, roads, and so on. California has the highest income tax, yet far crappier roads (seriously, the don't even light the freeways in town, and they're full of potholes), though the schools might be better (that tends to vary more between neighborhoods than between states, though).

      Here's a clue: the "infrastructure" part of government only takes a very small government to do. Mostly, government takes your money to give it to supporters

      When the hurricane hits the east coast next week you won't have a single comment on how the government handles the response right?

      Florida has no income tax, and had great government support when 4 hurricanes hit that one year (I was living there at the time). They even had a Republican governer that stood up against insurance companies and forced the to continue offering insurance that covered hurricane damage.

      You don't need a government that vacuums all possible cash form its citizens to do the good stuff government does - you only need that only to hand over vast sums of money to governments friends.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:So when is someone going to swing? by penix1 · · Score: 2

      Florida has no income tax, and had great government support when 4 hurricanes hit that one year (I was living there at the time). They even had a Republican governer that stood up against insurance companies and forced the to continue offering insurance that covered hurricane damage.

      I couldn't let this one slide since I was in FEMA during that time...

      Florida gets far, far, far more federal dollars than it contributes especially in disaster response. Hell, there are still about 2,500 federal employees still deployed there for those hurricanes. Just because the Florida governor can push the cost of the disaster to the federal government instead of passing it off to you directly doesn't mean we all aren't still paying for it.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    7. Re:So when is someone going to swing? by KingMotley · · Score: 2

      You are totally right penix1!

      Instead of reducing government waste, we should actually increase it. Just think! Almost no crime, or fires if we had 10x the government we do now. And in order to pay for it, instead of them taking 18% of you paycheck, they will only have to take 180% of it! What a utopia that would be!

  4. The horses have run by starfishsystems · · Score: 3, Funny

    The horses have run. Hurry up and close that barn door!

    --
    Parity: What to do when the weekend comes.
  5. "Only" 16,000 credit/debit numbers at risk by Andy+Prough · · Score: 4, Insightful

    Well - that's reassuring! So, "only" 16,000 people potentially have their life savings at risk, or are about to have their lives turned upside down? Sure is convenient that government agencies have immunity from civil liability...

    1. Re:"Only" 16,000 credit/debit numbers at risk by Tastecicles · · Score: 2

      In answer to your first question: Data Protection Act 1998. In answer to your second question: the same Act, under the heading "Offences by Bodies Corporate", which includes actionable negligence.

      --
      Operation Guillotine is in effect.
  6. Re:TWO MONTHS to close the security hole? by Andy+Prough · · Score: 2

    Can we fire the government?

    Apparently early voting has already started if you want to fire the current group. Not that that will make a big differenced for this kind of activity.

  7. Re:South Carolina by 0racle · · Score: 3, Interesting

    South Carolina - First in Flight, last in computer interwebs

    Ah the wonders of the American Education System

    --
    "I use a Mac because I'm just better than you are."
  8. Re:3.6 million submarines?? by Anonymous Coward · · Score: 2, Funny

    Uh, for those who missed it, "SSN" is the Navy term for a nuclear submarine.

    (SSN = "ship, submersible, nuclear")

    So the headline saying "3.6 million SSNs taken" is a bit disconcerting, if you're reading the wrong acronyms.

  9. Why are SSNs secret? by bigwheel · · Score: 2

    A social security number is just a hash code to numerically identify a person. Kind of like a full name, except a little more precise. It was my student ID for both undergrad and grad school. It has since turned int a closely guarded secret, although it is included on the paperwork of pretty much anything you sign. There's got to be a better way.

  10. Re:South Carolina by crazyjj · · Score: 2

    NC was first in flight.

    SC was first in fight.

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
  11. Get a credit freeze by gumpish · · Score: 2

    Credit freeze

    "A credit freeze, also known as a credit report freeze, a credit report lock down, a credit lock down, a credit lock or a security freeze, allows an individual to control how a U.S. consumer reporting agency (also known as credit bureau: Equifax, Experian, TransUnion) is able to sell his or her data. The credit freeze locks the data at the consumer reporting agency until an individual gives permission for the release of the data."

    You have to pay each of these companies $10 for the privilege, but it's worth it.

    Of course, any time you need to do something that requires a credit check (take out a loan, apply to lease an apartment, apply for a job (sometimes)...), you'll have to temporarily lift the freeze, which is another fee.