SC explains hacking scandal and the plan for the future on Tuesday

by: Greg Suskin Updated:

Loading

COLUMBIA, S.C. - New information and a major resignation Tuesday after an elaborate hacking scheme compromised millions of Social Security and bank accounts across South Carolina.

The head of the South Carolina Department of Revenue has resigned after admitting there's more his agency could've done to prevent the computer breach.

Jim Etter will be replaced by Bill Blume on an interim basis.

On Tuesday, Gov. Nikki Haley released a report that showed just how deep and wide the hacking operation went.

The investigation found that it's likely a single department of revenue employee accidentally clicked on a link in a phishing e-mail back in August.

That mistake allowed international hackers to gain access to the employee's password and account information.

From there they launched 33 different pieces of malicious software to break into 44 computer systems at SC-DOR. Over the next several weeks the information they were able to steal, is staggering.

Haley gave reporters a rundown of what was compromised:
3.8 million tax files
1.9 million dependents listed on those files
699,900 businesses
3.3 million bank accounts
5,000 credit cards

Every tax return filed electronically since 1998 is at risk.

The state of South Carolina does not use encryption to protect Social Security numbers and bank account numbers for taxpayers who file electronically.

The governor said that information should be considered stolen.

"We should assume that it was, that it was taken," she said. "What we have here in South Carolina is a cocktail for an attack."

Haley said that's because of the lack of encryption, but also because of antiquated 1970s-era storage systems and methods for holding tax data.

Also new Tuesday, state officials now know who the victims were. Gov. Haley said victims can expect a letter soon if it's confirmed their private information was exposed. Those who signed up with the free credit-monitoring service Experian will be notified by email if they were victims.

So far, more than 800,000 people have called the state's hotline regarding the security breach.

Sled Director Mark Keel stood by the governor's side in Columbia during Tuesday's news conference. He said his department and federal investigators are working to find the hackers.

However, he would not comment on any details of that investigation, such as how many people could be involved.

Haley also wrote a letter to the IRS, urging the federal tax agency to encrypt its own data.

She said South Carolina did not do it previously because it wasn't required.

"This isn't just a state problem. Its municipalities, it's the federal government, it's everybody," she said.

The governor has held news conferences weekly and sometimes multiple times a week since news broke of the security breach last month. She said she's asking police daily what kind of progress they're making on identifying the hackers.

The governor also commented about the safety of private information in the long run.

"No one will ever again be 100 per cent safe, no matter what we do," Haley said. "But what we can do is make sure we put so many layers in the process that it is awfully hard to get into."

Those layers are apparently being put in place.

Officials said there is no evidence that the hackers are still breaking into any state computers.