- Associated Press - Wednesday, October 31, 2012

CHARLESTON, S.C. (AP) - Millions of Social Security numbers and business records from tax returns as far back as 1998 were hacked in South Carolina and experts said Wednesday it may be the largest cyber-attack against a state tax department in the nation’s history.

State and federal officials are investigating the hacking they say may have started in August and was discovered last month. They say the vulnerability in the system was fixed Oct. 20. The 3.6 million tax returns filed since 1998 included Social Security numbers and about 387,000 credit and debit card numbers that were also exposed, 6,000 of those unencrypted.

In her daily update Wednesday, Gov. Nikki Haley said up to 657,000 businesses have also been compromised.

“I believe it might actually be the largest against a state government, but certainly of a state tax department,” said Paul Stephens of the Privacy Rights Clearinghouse based in San Diego.


“We’ve never heard of anything like this so I think you can say that,” agreed Verenda Smith, the deputy director of the National Federation of Tax Administrators in Washington.

The state has agreed to pay Experian up to $12 million for taxpayers enrolling in a service that provides a year of credit monitoring. As of Wednesday, 418,000 people had signed up. Dun & Bradstreet Credibility Corp., has agreed to provide businesses a credit alert service at no cost to either business owners or the state, for the life of the business, Haley said. A website and toll-free number for that should be available by Friday.

Also Wednesday, a former state senator filed a lawsuit against the state Department of Revenue and the governor accusing them of failing to protect taxpayers. Attorney John Hawkins is seeking class-action status hoping to represent all taxpayers whose Social Security numbers and credit card information were compromised.

He says the hacking of millions of personal records amounts to a class-five “cyber hurricane” and the state should have taken cost-effective steps to protect taxpayers’ information and notified the public sooner.

Haley, who opposed Hawkins’ attempt this year to regain his Senate seat, discounted the lawsuit.

“There is a trial lawyer with a hand out and a tissue ready at any crisis, and he has just proven that,” said Haley, who endorsed Hawkins’ winning opponent for the June primary.

There have been bigger security breaches of information that could lead to identity theft in both the private sector and the federal government.

Private information for as many as 76 million veterans may have been compromised when a defective hard drive from the Department of Veterans Affairs was sent for recycling with the information on it.

The largest case of credit and debit card data theft in the nation occurred when a hacker, sentenced two years ago to 20 years in prison, swiped information on 130 million accounts.

One of the issues swirling around the South Carolina hacking is should the information have been encrypted.

“The question is wrong,” said Smith whose agency provides services and training to state tax officials and agencies. “It’s not as simple as do you encrypt Social Security numbers. Everybody encrypts. It is just a question of what stage it is in and where it is if it’s not encrypted.”

Story Continues →