South Carolina hack Haley admits South Carolina is at fault in hacking incident with millions of records stolen

In mid September 2012, the U.S. State of South Carolina’s Department of Revenue (DOR) computer system was hacked.  The breach in the system resulted in millions of people’s data being stolen.

Now the state will be spending some 14 million dollars in expenses and fees along with losing the SC Department of Revenue Director, Jim Etter, who resigned over the incident.

The hacker who got inside South Carolina’s DOR computer system in September 2012 obtained exactly what they were after, and the ordeal went down as the worst breach in U.S.. history.  The hacker was able to steal data involving millions of citizens in that state, which included detailed credit card numbers, social security numbers and a wealth of private data on taxpayers.  It took a private firm by the name of Mandiant Corporation to get the system securely locked down. 

An official press release issued by the South Carolina Governor's office on October 26, 2012 describes the cyber break-in and how it was securely locked down.  The document reads in part:

On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers,” said DOR Director James Etter. “We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor’s office.

The PR also stated that some 16,000 credit card numbers along with social security numbers and other types of personal data was stored without encryption. 

On November 20, 2012, South Carolina Governor Nikki Haley issued a statement to the public concerning the incident.  She also admitted that the state was negligent and was not prepared to prevent such a cyber attack in the first place.  In turn, the SC Department of Revenue Director, Jim Etter, submitted his letter of resignation, which will go into effect on December 31, 2012. 

Governor Haley accepted Director Etter’s resignation but she also made it clear that Etter was not at fault, and said both she and Etter realized someone else could be better capable of handling such problems in the future.  Haley also said, “This is a new era in time…you can’t work with 1970 equipment.  You can’t go with compliance standards of the federal government.  Both are outdated.”

Governor Haley alerted South Carolina residents that they should understand that their personal data was stolen, which includes some 700,000 small and large business records, a lot of which was unencrypted and in plain text.

The South Carolina Department of Revenue cyber-attack is said to be the largest theft of personal data in U.S. history.  Mandiant Corporation, which was hired by SC to correct the breach, is a leading network security company that resolves and fixes threats to computer systems and servers.  It was Mandiant that was able to tell the state exactly how and why the system was breached. 

According to Governor Haley’s office the breach will cost about half a million dollars just for Mandiant’s services alone.  Other fees will have to be paid to credit agencies, and fees for attorneys will cost the state as well.  When it is all said and done the entire ordeal will cost the state approximately 14 million U.S. dollars.