Oh boy. Reports out today say that the State of South Carolina’s Department of Revenue has been hacked. Early reports suggest 3.6 million tax returns were exposed; later reports show that 3.8 million tax returns and 700,000 business tax records were exposed. That’s something approaching 77% of the population of the state.
What’s worse, buried in the reports is this gem: 387,000 debit and credit card numbers were lifted, and they got 3.8 million Social Security numbers. Now, the report does say that all but 16,000 debit and credit card numbers were encrypted, but not a blessed one of those Social Security numbers was encrypted. What do I always say? Encrypt your SSN and credit card tables. And guess what, the IRS says the same thing.
What’s worse, the DOR didn’t have a network monitoring program in place, even though the State does offer a monitoring program for its members. (I’m unclear why it’s only offered and not mandated; betcha that changes soon.) There’s just no excuse for not looking at your logs. I know, I know, IT departments are overwhelmed and overworked and understaffed and underpaid, but you have to do this simple step. I’m sure it was obvious in the logs, since someone located not only the breach but also several breaches.
Oh, I’m quite sure we haven’t heard the last of this one.
~Geof “Reading my logs” Franklin