
{"id":2148,"date":"2012-11-26T00:00:00","date_gmt":"2012-11-26T00:00:00","guid":{"rendered":"http:\/\/otava.test\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/"},"modified":"2025-11-07T06:31:26","modified_gmt":"2025-11-07T06:31:26","slug":"3-8-million-tax-records-stolen-in-largest-state-agency-attack","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/","title":{"rendered":"3.8 Million Tax Records Stolen in Largest State Agency Attack"},"content":{"rendered":"<p>Several months ago, <a href=\"https:\/\/threatpost.com\/en_us\/blogs\/south-carolina-data-breach-casts-spotlight-lack-encryption-stolen-credentials-103112\">South Carolina\u2019s Department of Revenue was breached, resulting in the loss of personal information for upwards of 3.8 million residents. <\/a><\/p>\n<p>Security company Mandiant was hired in mid-October to investigate the incident, <a href=\"https:\/\/governor.sc.gov\/Documents\/MANDIANT%20Public%20IR%20Report%20-%20Department%20of%20Revenue%20-%2011%2020%202012.pdf\">and they found<\/a> that it actually started with a phishing email way back in August. A user clicked on a link that had been embedded within the email, and their credentials were stolen. Then almost two months went by, during which time the attackers had collected passwords to all Windows user accounts and gained access to six servers.<\/p>\n<p>Mandiant explains that on October 19th the state was able to remove the attacker\u2019s access, but at that point 44 systems had already been compromised, and as much as 74 GB of data had been taken. 
The files that had been taken were a mix of encrypted and unencrypted data.<\/p>\n<p>The DOR not having Social Security numbers encrypted was well within IRS compliance standards according to Nikki Haley, South Carolina\u2019s governor &#8211; \u201cThe IRS, which we were compliant with, does not believe that you have to encrypt Social Security numbers. Should we have done more? Yes, we should have done above and beyond what we did.\u201d Encryption within the DOR is in the works, and Haley has contacted the IRS to suggest they reevaluate the protocol to perhaps raise the standard in the wake of this event.<\/p>\n<p>Encryption is important, but so too is the need for education. The attackers were able to successfully get credentials from a phishing email. Training staff to better define and react to these sorts of threats can really help reduce the chances of a breach. Also, regular risk assessments can help pinpoint weak areas to give staff effective and successful training. As is reasonably being stated and restated, <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/michigan-cyber-initiative-reports-people-as-weakest-link-in-it-security\/\">people are the weakest link<\/a> in the security of an organization. It\u2019s critical to keep staff informed and sure of their processes.<\/p>\n<p>Another missing security measure was <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">two-factor authentication<\/a> to access sensitive tax data. Two-factor authentication for VPN (Virtual Private Network) or remote access is required by <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/overview\">PCI DSS<\/a>, the industry standard for protecting credit cardholder data.<\/p>\n<p>Currently the state of South Carolina is paying for a year of credit monitoring for its residents, as well as insurance that should help absorb costs related to the breach. 
As it stands, over 800,000 people have called looking for this protection already. The DOR director Jim Etter has resigned, and with the new director comes a new look at the security policies currently in place, explains Haley. \u201cWe need a new set of eyes who will look at data in terms of security and get aggressive in terms of our tax policy.\u201d<\/p>\n<p>Take a look at our <a href=\"https:\/\/onlinetech.com\/secure-hosting\/overview\">Security Toolkit<\/a> to learn more about the different types of security, and what can be done to keep your data secure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several months ago, South Carolina\u2019s Department of Revenue was breached, resulting in the loss of personal information for upwards of 3.8 million residents. Security company Mandiant was hired in mid-October to investigate the incident, and they found that it actually started with a phishing email way back in August. A user clicked on a link that had been embedded within the email, and their credentials were stolen. Then almost two months went by, during which time the attackers had collected passwords to all Windows user accounts and gained access to six servers. Mandiant explains that on October 19th the state was able to remove the attacker\u2019s access, but at that point 44 systems had already been compromised, and as much as 74 GB of data had been taken. The files that had been taken were a mix of encrypted and unencrypted data. The DOR not having Social Security numbers encrypted was well within IRS compliance standards according to Nikki Haley, South Carolina\u2019s governor &#8211; \u201cThe IRS, which we were compliant with, does not believe that you have to encrypt Social Security numbers. Should we have done more? 
Yes, we should have done above and beyond what we did.\u201d Encryption within&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2148","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>3.8 Million Tax Records Stolen in Largest State Agency Attack | OTAVA<\/title>\n<meta name=\"description\" content=\"$3.8 million in tax records stolen in the largest state-agency breach. Learn what happened and how to protect your data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"3.8 Million Tax Records Stolen in Largest State Agency Attack\" \/>\n<meta property=\"og:description\" content=\"$3.8 million in tax records stolen in the largest state-agency breach. 
Learn what happened and how to protect your data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-26T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-07T06:31:26+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"3.8 Million Tax Records Stolen in Largest State Agency 
Attack\",\"datePublished\":\"2012-11-26T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:31:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\"},\"wordCount\":481,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\",\"url\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\",\"name\":\"3.8 Million Tax Records Stolen in Largest State Agency Attack | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2012-11-26T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:31:26+00:00\",\"description\":\"$3.8 million in tax records stolen in the largest state-agency breach. 
Learn what happened and how to protect your data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"3.8 Million Tax Records Stolen in Largest State Agency Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma 
Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"3.8 Million Tax Records Stolen in Largest State Agency Attack | OTAVA","description":"$3.8 million in tax records stolen in the largest state-agency breach. Learn what happened and how to protect your data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/","og_locale":"en_US","og_type":"article","og_title":"3.8 Million Tax Records Stolen in Largest State Agency Attack","og_description":"$3.8 million in tax records stolen in the largest state-agency breach. Learn what happened and how to protect your data.","og_url":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/","og_site_name":"OTAVA","article_published_time":"2012-11-26T00:00:00+00:00","article_modified_time":"2025-11-07T06:31:26+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"3.8 Million Tax Records Stolen in Largest State Agency Attack","datePublished":"2012-11-26T00:00:00+00:00","dateModified":"2025-11-07T06:31:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/"},"wordCount":481,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/","url":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/","name":"3.8 Million Tax Records Stolen in Largest State Agency Attack | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-11-26T00:00:00+00:00","dateModified":"2025-11-07T06:31:26+00:00","description":"$3.8 million in tax records stolen in the largest state-agency breach. 
Learn what happened and how to protect your data.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/3-8-million-tax-records-stolen-in-largest-state-agency-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"3.8 Million Tax Records Stolen in Largest State Agency Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2148"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2148\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2148"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}