COLUMBIA, S.C. (11/16/12)--A massive data breach at South Carolina's Department of Revenue has prompted an order for cabinet-wide cyber security measures from state Gov. Nikki Haley, as well as warnings about the breach from credit unions to their members.
Cyber criminals stole more than 3.5 million Social Security numbers and information from 387,000 credit and debit cards in September from the state's collection agency, said the governor's press release Thursday. The breach exposed the records of anyone who had paid taxes in the state since 1988. It affects 77% of the state's population.
Credit unions were alerted to the breach, which was announced Oct. 20 and was a topic among CUNA Technology Council members. Some credit unions placed a notice on their website that directs members to free credit monitoring services.
For example, $232 million asset SC Telco FCU, based in Greenville, placed an update on its website warning members about the breach. It said 16,000 of the debit and credit card numbers were not encrypted. Although the credit union does not know if its members were directly impacted, it noted it will continue monitoring the situation and stay "in constant contact with Visa to determine any proactive measures that may be needed. The protection of our members' personal information is our top priority."
The credit union made four recommendations to members.
- Use the free credit monitoring set up by the state.
- Check credit reports and report any discrepancies to the credit reporting bureau.
- Diligently monitor banking accounts. Because the breach occurred at the Department of Revenue, "all financial institutions are at risk of having their customers/members' information exposed," said the credit union. SC Telco provided information for checking accounts and transactions and said to contact the credit union immediately if there is a suspicious or fraudulent transaction.
- Take advantage of e-mail alerts that notify the consumer when the account has activity.
In a press conference Wednesday, Gov. Haley indicated her order directs the state's cabinet agencies to work with the Division of State Information Technology (DSIT) to implement network monitoring 24/7 as well as intervention and interruption of unusual events or viruses. She also encouraged all non-cabinet agencies to work with DSIT to identify weaknesses in their current monitoring and to implement stronger monitoring if needed.
When a potential threat or attack is identified, the agency's IT staff will be asked to remove the infected computer from the network and begin remediation action.
The state has been scrambling to help consumers affected by the breach. Credit reporting bureau Experian set up a call center to assist the state's taxpayers. As of Wednesday morning it had received more than 775,000 calls and signed up 789,500 callers for its ProtectMyID program, the governor said.