South Carolina State Law Enforcement Division Chief Mark Keel, left, and Department of Revenue Director James Etter talk about the security breach.(Photo: Greenville Online)
A foreign hacker stole a vast database of the South Carolina
Department of Revenue and investigators told GreenvilleOnline.com that
387,000 credit card numbers and 3.6 million Social Security numbers have
In exclusive interviews with Gannett's
GreenvilleOnline.com and WLTX television of Columbia, which was first
alerted to the breach, officials refused to say whether the database has
been retrieved, calling it a "sensitive investigation."
16,000 of the credit cards, officials said, were encrypted - meaning
they were coded against being used by outside groups. But they said they
don't know whether hackers could break the encryption.
The remaining number of credit cards are so old, investigators said, that they don't believe they are at risk of being used.
who has filed a South Carolina tax return since 1998 is immediately
being asked to visit protectmyid.com/scdor or call 1-866-578-5422 to
determine if their information is affected. The state will provide those
affected with one year of credit monitoring and identify-theft
protection, officials said.
No public funds were exposed or accessed, officials said.
why they didn't notify the public, Keel said they decided to notify the
public after the investigation reached a series of benchmarks. He said
it was in the public's best interest that the investigation proceed
further before public notification.
Investigators said they have known about the breach since Oct. 10.
The "hole" that allowed the intrusion by the hacker was sealed on Oct. 20 and they said the system is now secure.
They refused to answer the question of whether the database may have been copied.
officials' action, however, is shrouded in mystery. SLED Chief Mark
Keel and representatives of the Secret Service refused to say whether
taxpayers paid a ransom to the hacker to retrieve the database.
said in a meeting that ended minutes ago with reporters of
GreenvilleOnline.com and WLTX that they have been working over the past
two weeks in a secret and high-stakes investigation of the theft.
said the banking industry was secretly notified at the beginning of the
investigation as required by state law. The law also requires the
public who are at risk to be notified. Keel said investigators didn't
know throughout the investigation if the data was compromised.
Nikki Haley has asked the state's inspector general to examine computer
security for all agencies. The Department of Revenue has hired a
computer security firm - Mandiant - that that will determine what was
taken, said James Etter, director of the Revenue Department.
Tim Smith, Greenville Online