SC cybersecurity 6 years after 6 million tax records stolen
CHARLESTON, S.C. (AP) — Six years after hackers stole millions of South Carolina tax records, the state has ended a program to monitor victims’ credit records, and is still working to improve cybersecurity.
The state adopted industry standards about centralizing security rules for the state’s 100-plus agencies, but state authorities are just now coming up with a system to check whether those agencies meet the standards, The Post and Courier reported .
Such a lag isn’t surprising, one cybersecurity analyst said.
“This is typical for state and local governments because they don’t have the resources,” said Avivah Litan, a senior analyst with Connecticut-based Gartner Research. “They shouldn’t be doing this anyway. We need a federal cybersecurity strategy.”
No arrests have been made in the 2012 theft of more than 6 million personal and business tax records.
It is still being investigated, so the State Law Enforcement Division cannot release any information -- including whether identity thieves used any of the stolen information, officials said.
The state offered free credit monitoring to protect victims from identity theft. About 1.5 million enrolled the first year, and about 200,000 renewed annually until the program ended in October, according to the Revenue Department. It said it paid two companies $18 million over the past six years.
Gov. Henry McMaster’s office said it is satisfied with the tax agency’s finding that the program did what it was meant to.
Since the 2012 theft, state government agencies have reported 10 data breaches affecting nearly 29,000 people, according to the S.C. Department of Consumer Affairs. A spokeswoman said a public records request would be needed to learn which agencies were hacked.
All state employees now take annual computer privacy and security training and all agencies must submit security plans. The Department of Administration offers assistance and feedback on plans, reviews spending requests and hosts an annual cybersecurity summit.
Information from: The Post and Courier, http://www.postandcourier.com