E-mail updates
Follow on Twitter
Subscribe to RSSA report is expected to be released Tuesday detailing how an unknown cyber hacker broke into South Carolina's computers and stole millions of tax returns from residents dating back years. NBC's Michael Isikoff reports.
COLUMBIA, S.C. -- A single malicious email sent to workers at the South Carolina Department of Revenue last August enabled an international hacker to crack into state computers and gain access to 3.8 million tax returns, including Social Security numbers and bank account information, in what experts say is the biggest cyber-attack ever against a state government, according to details in a report released Tuesday.
“We were a cocktail for an attack,” Gov. Nikki Haley said, referring to the necessary ingredients for cyberassault, as she released a report by a computer security firm Mandiant, which was commissioned to investigate the data breach. At the same time, Haley accepted the resignation of her Department of Revenue director, Jim Etter, and acknowledged that state officials “could have done more” to protect the personal data of state residents.
The release of the report came amid a mounting political uproar here over the cyberattack and criticism of Haley over her handling of the issue.
“I’ve gotten more phone calls and emails about this than anything else in the last four years,” said Tom Davis, a state senator and former chief of state to Gov. Mark Sanford. “There’s a great degree of anger and frustration over what happened. This is information you’ve got to give the government; if you don’t, they put you in jail. There’s a real sense of betrayal,” he said.
According to the Mandiant report, the cyberattack, which state sources say is believed to have originated inside Russia, started with a “phishing” scheme, a common tactic used by cyber criminals.
Last Aug. 13, a hacker sent multiple South Carolina Department of Revenue employees a malicious email containing an embedded link containing malware or a computer virus. When at least one of the employees clicked on the link, the malware was activated and allowed the hacker to steal the employee’s user name and password.
From there, the hacker was off to the races. Two weeks later, the attacker logged onto the remote-access service for Department of Revenue computers, using the credentials of an employee who had clicked on the Aug. 13 email. The invader then “leveraged the user’s access rights to access other Department of Revenue systems and databases with the user’s credentials,” the report states.
The attacker performed “reconnaissance activities” over the next several weeks, then started copying large amounts of data and transferring them onto zip files that were moved onto the Internet. The breach was not discovered until the Secret Service notified state officials on Oct. 10 that it had uncovered information that data on three state residents had been stolen.
Since then, Haley and other state officials have scrambled to react as the magnitude of the attack has become increasingly apparent. In addition to 3.8 million tax returns, including the Social Security numbers of 1.9 million children and other dependents, the hackers got access to data on 699,900 business tax returns and 3.3 million bank accounts.
The attack has exposed vulnerabilities that experts say will cause state governments across the country to reexamine their cyber-defenses. Although South Carolina had encrypted credit card numbers according to industry standards, it had never encrypted the Social Security numbers. And some cyber experts say there is evidence that that data may now be marketed on Internet black market sites that peddle personal information on millions of Americans.
Haley on Tuesday blamed the federal government for not requiring Social Security numbers to be encrypted. She released a letter to IRS Commissioner Steven Miller “to strongly encourage the Internal Revenue Service to require all states to have stronger security measures for handling federal tax information, particularly encryption of tax information that is stored or ‘at rest.’”
Leave a Comment:
Let's see if I have this straight; a proponent of 'smaller government' is now blaming the feds for not 'interfering' more in the state's handling of data? What's up Nikki, not smart enough to know this, or just too cheap to spend the money needed to do a good job?
I'm sure that by the time this gets to FauxNews, it will be all Obamas fault. I'm waiting for the RWNJ to appear here and 'spin' this....
I know, I read this article with straight face until the last paragraph. Their hypocrisy and paradoxical thinking amazes me.
Haley on Tuesday blamed the federal government for not requiring Social Security numbers to be encrypted.
Yo Niki,
You're too funny. It was YOUR state that got hacked, not the federal government, yet you want to blame the Feds. Tighten up your security. You bitch about federal intrusion into the state and individual yet when YOU get hacked suddenly YOU want to pass the blame. Sorry sweetheart but the buck stops with YOU!!!!!!!!!
Anybody want to place bets that the SC congressional delegation asks for a 'federal bailout' for the poor bastards that get their identity stolen because of this?
Wait, what?! A republican governor asking for more federal regulations??? Don't they usually scream for more freedom for their state? These scumbags are so shameless, it's hilarious! Well, sorry SC, you got what you voted for. Maybe next time you will put a little more thoughts into it.
AMEN.... I was going to say the same thing...But you just said it much better....
Since when does someone who exists to gripe about Federal intrusion need for "da Gub'ment" to tell them to do their job of protecting taxpayer information. You need "Big Brother" to TELL you to encrypt that information?
Within a couple of months of using my credit card to pay some business back taxes here in the USVI, my credit card was "compromised" with a duplicate card in Alabama. How do I know they made a duplicate card? Because they were used in retail stores, not online. Stores require a card to scan, especially Winn Dixie, Lowe's, and JCPenny's. I can understand how this would have happened with one of these hackers and their vicious emails. That is why I NEVER open any email from someone I do not know, especially if it has attachments or links.
anti-trust: Big Brother knows who cloned your card, they didn't do anything about it, but they know about it.
People are going to be changing bank accounts, getting new tax id's left and right.
The anti- ID theft companies are going to make a mint in SC.
PBS ran a series on this last year about cybercrime and how bad it's going to get.
Soon, it's going to be apparent that we need to go backwards and stop doing certain things online.
Back in the day, you had to step foot in a bank to rob it...no more. And the costs of doing business this way are going increase 10x due attacks like this.
*IF* this is true, is the State of South Carolina going to offer, at no charge, identity theft protection for at least a year for every state income and business tax filer as my bank did when they got "hacked"?
This is called (if I remember from the last election) "taking responsibility".
qudreps, yes, the state of SC (I live here) has contracted with Experian to offer identity theft protection at no charge for one year. In addition, I have added a "security freeze" to prevent any new credit card, bank account, etc. from being opened in my and my wife's name. I have never paid income taxes using a credit card so the hackers don't have that information (yet) but knowing they have my SS number is bad enough.
You go to jail for not giving them the information. So what happens when they let it all get stolen? One token employee fired end of responsibility for the government. That is not acceptable.
Having your SSN, et al, on the Internet would certainly "threaten" your whole life.
Guess we will have to see if those "computer experts" can tract down the scoundrel(s) in Russia who did this then Mr. Obama can implement his "more flexibility" with the Russians.
BTW: here comes the Internet Neutrality Act and the U.N. imposing a fee on Internet users.
By asking for Federal Government help, and blaming this on the IRS Gov. Haley is trying to pass the buck for her obvious incompetence. Of course, to allow this to happen many people made stupid mistakes, not the least being the right-wing conservatives of South Carolina who gave her the job. As Bobby Jindal has pointed out the Republicans have to stop being the party of stupid.
As long as the info is only used to get employment or social services then no crime has been commited. It's only a crime when the info is used to steal from the person the info belongs to as per the justice dept..
Don't these idiotic employees who have access to almost 4 million persons private info, have common sense not to open a unknown email sent to their employment??? Also most times it's the attachment with the email that has the virus/malware..that too should never been clicked on!!
Stay off the porno sites and do your job you're being paid to do!
Freecreditscore.com did it
Before ever finishing this article, I wondered how long it would take before someone politicized it. That was a short wait - and from the "Tolerant" and "Enlightened" crowd.
So Haley is claiming that a simple lack of a federal regulation is to blame for a theft of S.C. taxpayer information from the S.C. government? That doesn't even pass the initial whiff test. S.C. should have implemented it's own encryption or beefed up security in other ways to make sure the theft could not occur. Now that it has, Haley should resign.
Oh, and OF COURSE it's politicized...it involves government and elected officials and their appointees. Of all things, this is one that SHOULD be politicized...for cryin' out loud. Did you even think at all before commenting???? Or are you just a republican apologist?
The crooks have to beat my wife to the checking account funds first.
I had my Debit card copied - I'm pretty sure it was at Olive Garden - restaurants are the number one place your card gets copied. They rang up $1,700 in about 2 hours at two Malls before the card went into automatic shut down.
Who steals more - cyber crooks or employees who spend have the day at work on the Internet?
It's a government issue - what should posters have made it? You could use some enlightenment.
That is what you get when you allow politicians to put their friends in cushy 100k dollar jobs, and don't know what the hell they are doing. Wasting taxpayers money!
Haley on Tuesday blamed the federal government for not requiring Social Security numbers to be encrypted
==============================================================
Efff-----g bimbo b1tch, it's her and her states rights screw up, she personifies the hypocrisy of today's new, improved GOP/TP. .....and Republicans, Fox News, Palin, etc., wonder why they lost the Presidency, and lost seats in the House and Senate as well....it's your lack of brains, stupid!!!
who required SSN to be issued? who is responsible first and foremost to protect citizens from both foreign and domestic enemies? again the left just wants to blame someone for pointing out that it is the federal governments responsibility to make sure the SSN that they require us to get are in fact secured from theft by both foreign and domestic enemies. the state has the responsibility to make sure our SSN are safe as well, the blame is at all levels.
do you think that it requires regulation to solve this problem? do you even know that regulations and responsibilities are not the same thing? the US government is responsible to adhere strictly to the US constitution and nothing else. the US government uses regulations to create powers not otherwise granted by the constitution.
when will the failures of government ever make it to the minds of the indoctrinated? when something is wrong why do you say the problems do not exist? when someone points out a problem why do you say they are a nut and ridicule them? how can you call yourself a winner when you step on those you compete with? how can a leader lead when he has no leadership skills? how could people vote for anyone that tells lies to their face?
when the lead lemming falls of the cliff the other lemming followers do not second guess the decision of the leader regardless of peril, they just blindly follow. this is how voters are to politicians.
arslp
Before ever finishing this article, I wondered how long it would take before someone politicized it. That was a short wait - and from the "Tolerant" and "Enlightened" crowd.
=================================================
To Mr. unenlightened: bimbo Haley politicized it (not the posters) by trying to shift the blame from her irresponsible, incompetent self to the intrusive, overly large Federal government, but don't worry, I'm sure that Jim DeMint will rush over and massage her bruised ego, wherever he thinks that might be.
Looks like the Republicans want it all. damn if you do or dont everybodys fault but theirs they disgust me
"It has become appallingly obvious that our technology has exceeded our humanity."
"Technological progress is like an axe in the hands of a pathological criminal." Albert Einstein
bluegrassguitar... Is that a D-28?
Swagganaut
do you think that it requires regulation to solve this problem?
==============================================
.............Ummm, why are you asking us, ask Haley the rocket scientist, she's the one who complained about lack of Federal regulation on encrypting, can't you read?
So what's new...just another republican hypocrite. Just like Paul Lyan', er, Ryan who screamed the stimulus didn't help the economy but behind closed doors begged for some. Just move on...nothin' new here.
This sounds like an excellent opportunity to disban the IRS, abolish corporate and personal income taxes, and convert to the "Fair Tax." I wouldn't necessarily stop personal information theives, but it would:
I urge you to check out www.fairtax.org to learn more.
The Dog
im not in agreement with haley but im sure not gonna just ignore a serious problem because you people on the left want to be braggarts about an election. she is responsible to protect our SSN just as the federal government is. we dont need regulations to do the obvious but i guess your a okay with just blaming for blames sake.
chase-378047
no stimulus has ever helped a struggling economy, it has only prolonged the pain and put us in further debt. its not the governments job to take my money and give it to someone else. free market has always worked until government gets involved for power, greed is not limited by anything but other greed.
I just remembered that I worked at a place a long time ago that had a sign up on the wall. It said that if you did something good, you got an "Atta Boy", and after 1,000 "Atta Boy"s, you got a gold star. However, if you got just one "Aw Sh1t", it wiped the whole slate clean. Seems like Gov Haley just gave the GOP/TP another "Aw Sh1t" today. These new age Republicans really need to learn to keep their mouths shut.
Swagganaut: im not in agreement with haley but im sure not gonna just ignore a serious problem because you people on the left
================================================
Why is it people like you assume that because someone disagrees with you, they are on the left? Maybe it makes you feel good to make that accusation, but it shows your ignorance. I am not on the left, I am anti-stupidity in this country, but people like you wouldn't understand that. I don't like the DEMs and a lot of their agenda, e.g., I do not support the DREAM Act. I am for the Middle Class and Main Street, unlike Gov. Haley and her bullcrapping friends in the GOP/TP.
I'm glad I live in a state that has no income tax.
Fascinating. I didn't know S.C. had 3.8M residents. All those hillbillies in one little state. The mind boggles.
That's what Haley claims, but the cost of that $12 million fund will be passed along to the taxpayer. It's always the taxpayer who ends up covering for incompetence in government.
And Haley is a hypocrite, trying to pass the buck for responsibility to the federal government. Don't let her fool you. She'd have fought a federal regulation to require encryption of S.C. taxpayer's SS numbers.
Once again, smaller "gubmint" Nikki Haley has things bass aackwards! Obviously, too much faux news.
@Magic Rat: the state of SC tried to leave the USA for good once, but your Lincoln and his genocidal Blue Coats forced them back in. LOL.
these are your posts. while yes i am assuming you are left of ME which is very true. you are left of right and maybe right of left but you are no moderate or independent. being against the dream act does not make you 'not left', its your vitriol and rhetoric that you use to describe haley and "gop/tp" that makes you 'left' in this context of only going after a republican and not any democrats.
maybe you are a progressive? even worse that would be but you are not someone who works to solve issues, instead you just blame because someone told you to blame.
fed government should have long ago required all SSN transactions encrypted as well as certain personal information. this does not require any regulation to implement as there are already encryption protocols at the federal level in place. haley is a fool but so are the feds, you cant point out one clown without pointing out the rest.
Ted Koppel thinks that cyber security isn't covered enough by the media. He thinks it is a major issue that is lacking the attention it needs. He said this (in more eloquent terms) in his interview with Marvin Kalb in "Twilight of the Network News."
To mike277
Regarding your statement: "Don't these idiotic employees who have access to almost 4 million persons private info, have common sense not to open a unknown email sent to their employment??? Also most times it's the attachment with the email that has the virus/malware..that too should never been clicked on!!Stay off the porno sites and do your job you're being paid to do!"
You must only work on your computer at home. The majority of the emails I get during the day have attachments, they are work related and over 50% are from people I do not know. We have to open the attachments, they are usually medical, legal, etc attachments. However we get the hackers too, despite thousands and thousands spent keeping them out. Good news is that all of our SS numbers are encrypted and cannot be sent unless they go secure mail. Our IT guys have to send out at least 2x per week emails about new threats. Unauthorized use of our computers and the internet is monitored like Big Brother so there is no Internet browsing. Just saying that you do not need to be doing anything other than your job for there to be a cyber attack.
This only going to get worse. These guys are good at what they do.
I, for one, hope this guy gets his cojones chopped off for this! Sick of the ongoing fraudspamcyberattacks. I get email from Nigerian Doctors, banks asking me to verify my info, and pharmacy emails overflowing my junk mail. ENOUGH IS ENOUGH ALREADY! Deal with these crimes swiftly, and maybe for once, they'll take a step back and reassess if this path is worth it for them instead of putting those brains to work at a real job!
Sounds more like they should have fired the IT Director, it was his responsibility to ensure the security of the network.
I have worked for two government agencies, one federal and one state and contracted to two others, and have found that in nearly every case, they are plagued with political nonsense and the incompetent IT staff have usually gotten their position more due to politics than competency.
It's not just the money. They now have the ability to get a full set of credentials with your information on it. There's no insurance for being arrested for being in default of a warrant in a state you've never stepped foot in.
Smaller federal government? Can you imagine these people in charge of clean water? Air quality? Food standards?
Let me make this perfectly clear, The Government does NOT care about your SS# and ID Theft. They profit from it, just as much as banks do. They both know that the Original Michael Coats lives in Tennessee. They also know the fake Michael Coats lives in Colorado. I was lucky enough to have a cool SS Admin Agent show me ALL the fakes, (There were a lot of them.) Same for the IRS, and the Federal Reserve. They collect taxes from the fakes, SS, Payroll, etc. Unfortunately, I am not eligible for all the fake taxes to come back to me, which tells me MY Government is complacent in the theft and ID fraud.
I hate you, Federal Government! Get out of my life!
Now save meeeeeeeeee............
yeah, /s
No you do not have it straight, nor you others as well. You have only what MSNBC tells you to think. Haley did not "blame" the Fed at any time, she stated "South Carolina is compliant with IRS rules, but the IRS does not require SSNs to be encrypted" and sent a letter to the IRS suggesting they begin requiring encryption in their standards. You also do not have the fact that SC has offered all state residents free security through Experian because of this because MSNBC did not tell you to think that. You also do not have that the political bottom feeders spent 2 weeks spouting to every media outlet that would listen about why they were not told about it earlier when that was the request from the federal investigators instead of doing something about the problem and that the "class action" lawsuit the media is drooling over is by an ex-politico who lost the election and happens to also be a lawyer and has tried multiple times to sue Haley before. You do not have any of this because MSNBC did not tell you to think of it. Instead they told you what they wanted you to know fully aware that most would just react and make comments rather than check it out. Media education is not education at all.
Remote access is so now, we just have to have it! Not until you idiots know how to safeguard your data.
We need a new and improved National ID/SSI card. I can't figure out how the SSI 3+2+4 digit scheme is adequate this day in age. You have Republicans screaming for the need of state issued voter ID cards that you have to jump through hoops to obtain, yet the SSI number has virtually no safeguards and is used in so many aspects of our lives. Come on Congress, get your fricking act together and join the 21st century.
Please...Gov. Haley could have instituted safer measures anytime she wanted. But she has to wait for the Federal Govt to tell her before she makes it happen? Then whine about too many Federal regulations.
The sheer lack of responsibility is mind boggling. This is why the Federal govt has to make laws and regulations in the first place...because the states show no sense of responsibility or take action on their own unless forced. Like little kids....
But wouldn't that be a Federal Regulation? I thought you righties hated those and the dadgum gummint that makes 'em.
Isn't Haley's smarter-than-the-feds hallowed State Government (hear the angel chorus?) smart enough to figure this out before the crisis happened?
I'm shocked.
Now Gov. Haley wants the feds to regulate? Funny republicans like regulations when they feel like it, they like federal support when they suffer a natural disaster and sure as heck don't mind taking more money from the federal government than their red states put in in general. They make me sick.
Yeah......those doggone politicians.
Mr. Obama and his Progressive administration has implemented about 6,500 (or so) new regulations within the past three months.
Yeah......those doggone Progressive~Liberal~Democratic politicians.
Yep, it is gonna make you even sicker when you find out which of these regulations is going to hit you in your pocketbook.
The election is over and you lost. Four years of whining?
Yes the election is over so stop whining. Of keep whining .. who cares. FTR there were more regulations passed by Pres bush than Pres Obama. You RWNJ just hate dealing with facts and math.
Check out Right sided Arizona and the over one thousand bills their GOP corp-gov-legislature has ramroded through with no opposition. Don't drink the water there for sure.
6,500 new regulations Ido? Really? Can you just name a couple that don't come from your fantasyland?
so there are no new regulations? do you always blindly defend someone?
ldo
Yep, it is gonna make you even sicker when you find out which of these regulations is going to hit you in your pocketbook.
===================================================
So tell us, Mr. Brilliant, which ones are those, or should we just trust in your ambiguities and generalities?
um, new regulations passed have already increased our burden by more than it should ever be along with the ones passed under bush and before him. regulations are about control, not responsibility.
Swagganaut
um, new regulations passed have already increased our burden by more than it should ever be along with the ones passed under bush and before him. regulations are about control, not responsibility.
=====================================
please name and describe those new regs. If businesses exhibited the level of responsibility we expect, then I agree control would not be necessary, but the recent Wall Street fiasco has shown we can't trust them. Perhaps we should eliminate all regulations on the auto industry, and allow thousands of people to die on our highways due to all the dangerous vehicles that would result.
wall st fiasco? your kidding right? i guess you have been brainwashed. the GOVERNMENT is the one who created the whole mess, they basically played around with the economy and screwed it up. dont put all the blame on civilian greed when its the government job not to be greedy and it has done just the opposite.
you ask me cite one reg but i cant even begin to explain why that in of itself is the most ignorant thing anyone has ever said, ever. there are always new regs regardless of who is president and each reg COST SOMEONE MONEY or did you not take any school classes. some regs are good but most are bad.
here please go look for yourself at all the regs that cost someone money http://www.gpo.gov/fdsys/browse/collectionCfr.action?collectionCode=CFR
regulations are solely for control and there is no argument. the basic definition of regulate is to manipulate something but i guess you just take the governments word.
Regulations can be subjected to those who just rally count. For instance, the government fixed up (widened) a six mile stretch of the highway;they then changed the speed limit from 50 to 60 mph. Some anti-government malicious person will subjectively call it a "new regulation"
When Swagganaut but the blame for CDO and CDS liquidation of the global economy 2008 through 2010 on the US Government I just had to shake my head. Excuseme Swahhanaut, of the $3 trillion in CDO, CDS out there, that the banks defaulted on, how much was issued by the government? That would be $0. How much did the government bail-out the masters of the universe? A lot, which is why Greece has 25% unemployment and we dont
Swagganaut - true beliiver and kool-aid drinker. No fact will ever cause realignment of Swagganaut's pre-formed opinions.
Written by fact-free idiocy - Swaggernut
Ya, no sh1t. I really like regulations that don't change anything. Effective government at its best. Idiot.
Yep, blame the federal government, fire your Department of Revenue director and play CYA. Way to accept responsibility Gov. Haley. Trouble is you can't even tell your constituents the buck stops with you because somebody in Russia has it now.
Resign or recall the stupid biatch. Immediately! Take some respsonsibility for your lack of actions to require more secure and encrypted data and go find a more dignified way to make a living that matches your qualifications..... like working the streets and selling your only ass et of any value.
Most illuminating... if the peons don't give their information to their government masters, they go to jail. But if the government masters can't secure that information - well... ain't that just too bad.
This was a TOTAL LACK of proper protocols. If a SINGLE government drone employee can compromise an entire STATE, then the killer hacking bees will invariably attack.
Do they not have anti-malware on these government computers? My god, even an idiot knows how to do that.
But then again - we are talking about the government... so my last statement may not be true.
The problem is...... the employee (who most likely has a degree in political science) clicked on a URL that was embedded in an e-mail. That's a basic computer security no-no. Unless you know where it's taking you, don't click it. I would love to see the e-mail that was used to "trick" this government employee (probably something like "go to www.regulatorsgonewild.com and see how liberals are messing up the country").
Her administration should be setting up sane IT rules similar to fortune 500 companies and disallow employees from going all over the web on company assets.
I thoroughly appreciate the irony (along with many other people posting today). When a tea party darling asks for more regulations and guidelines.
I am a federalist as well, but if she wants to be in charge, she needs to accept responsibility for how her state conducts their business.
Very poor security design. No one employee should be able to get to all that information. On top of that you never use only a single userid and password for remote access to sensitive information. You should always require 2 one of which is generated randomly by token or security app. Then again government employees are not the brightest, once they get their foot in the door the union prevents getting rid of incompetence.
Jacques... "For every action there is an equal and opposite government program." Bob Wells
why do you people always use "regulations" as both the anti and pro stances on any republicans? regulations are about control not common sense. we dont need any regulation to tell any government agency that they need to protect our SSN that they mandate we have. ITS REQUIRED!!!! regulations are never an answer to solve problems.
Not only is more regulation a bad idea, what they are proposing won't always work. The people coming up with these laws don't understand enough about technology to propose the proper requirements. I've worked with customers that were subjected to these "data at rest" encryption laws required of goverenment vendors. Most of the ways that I have seen it implemented would not have prevented this, and this is the most common method of attack.
...why is it the fed's fault when good security practices require encryption? especially after a year's long string of data breaches. do security people not read the news?
I watched a video today about the design of Windows 8. One of the things the presenter mentioned was an anecdote about a clock maker; "a watch owner goes to get his watch cleaned. As the clock maker takes the watch apart the owner notices a very beautiful inscription in Latin. The owner asks what the clock maker why he spent so much time inscribing the clock in a location where nobody will see it. The answer was that God would see it".
The point being that if you just strive for mediocrely we will never move ahead. Gov. Haley says that the Federal Government never required the SC IRS to encrypt SSN. Basically saying that we did the minimum required and never strived for perfection, going the extra mile, etc.
No wonder so many things are falling apart. One would like to think that in the age of the Internet and cyber crime that someone that is tasked with protecting the sensitive information of the citizens of SC will also have their best interest in mind. At least when it comes to something like this.
I live in NC but that is not to say that it could not happen here or any other state. Why don't we try to go the extra mile without having the Federal Government telling the states to do so.
To Gov. Haley; the blame for this does not belong with the US IRS but with you and you alone. You are responsible for all parts of the SC state government....nobody else. Try to keep that in mind.
Ha Ha Ha! I can't stop laughing at the hypocrisy of the same governor who believes in state's rights, smaller government, and hates big bad federal government. And now she complains because the federal government didn't have stronger regulations in place?? Really? Was someone stong-arming her to prevent the state from doing something to safeguard their computer systems? Of course not. Shame innocent people were affected, but oh, the hypocrisy! Nice job Guv.
Frightens me to think of South Carolinan's building commercial aircraft.
And not to mention the rocket scientist employees who clicked the link...
The joke is that most companies and individuals have software that prevents people from getting phishing attacks. Sounds like the state is missing even the most basic training and security software.
It is funny when you talk to government organizations and they don't want to put their information 'in the cloud because of security'. In the cloud the best security in the world is applied, at the government you get professionals who couldn't get a higher paying job elsewhere watching your data. Classic.
One of the biggest TeaParty Girls in opposition to everything Obama and yet MILLIONS of people and businesses are REALLY at risk of major financial disaster!
HURRRRAY for the TEAPARTY!!!
Small government brought to Georgia by Nikki Haley who should be responsible for this catastrophe!
How's that TEAPARTY thing workin' out for ya!
Ehhh, we are taking about SC here and not GA.
Jeff and those who liked his post aren't concerned with accuracy, like Gov. Haley.
Each state 'verifies' with the IRS the numbers that are inserted into your state return. If the IRS couldn't verify because the state info is encrypted then it is useless. How about no income tax and only state and national sales tax... no reason to even file a return; but then a large chunk of the government would be downsized. Looking out for THEIR jobs!
Well, here's the thing, the IRS already has an encryption program. They can send it to the states which will allow the states to encrypt the tax id #s and then send them encrypted to the IRS, which can unencrypt them and verify. Amazing that if you think, solutions can be done.
Why would the state not encrypt names, addresses, account numbers, virtually everything that is stored on a computer that hackers can get into ?
I can see the lawyers lining up on this one already.
SC is gonna be paying for the next 40 years off of this one. And businesses will be leaving left and right.
GOOD JOB YOU TEA PARTY HACK !!!!!
The solution is in "Plain Sight!"
Filing a tax return is clunky, unneccassary, and costly to tax filers, and tax agency (IRS) or state revenue agency. I agree with another poster here that we do away with such an unproductive system that costs more to administer- than if we simply used a national sales tax, or flat tax.
as compared to a democrat hack? so when clinton sold our military secrets to china, you were okay with that? both sides have hacks but nice for you to be one of them.
You are only as safe as the dumbest person around you lets you be. That goes for the people that live in your apartment house or neighborhood, share the highways with you. prepares your food, fills your prescriptions or handles your sensitive documents.
You are correct.
Thanks for that reminder. I'm not going to sleep too well tonight. There are a LOT of stupid people where I live.
Funny how people blamse somebody else for their own stupidity.
Why was the hacker able to use the employee's password TWO WEEKS later? You would think that employees would be required to change passwords VERY often!
You've got mail!
Tragic. This really constitutes a very serious crime which should be punishable by many decades in prison.
We need to start handing out 50 year prison sentences for this kind of activity, but good luck on finding the perpetrators of this crime. Heads should definitely roll for this one---starting with the idiot who clicked on the malicious link in the email.
The malicious emails we get and the attachments are disguised to look like internal emails. Our IT workers are updating every night and we are a huge agency that encrypts SS numbers and other personal information. It is not usually the one worker, its related to staying ahead of the hackers. look what they are doing to the banks. This agency did not have the basic encrytion that they needed . Agency issue. It's amazing how many people think this is one person who messed up.
As long as our personal information is stored in a data base, any data base, we are each and every one of us vulnerable.
Isn't this is the state where all the "Christian Exodus" folks are?
Just pray that your identity is not stolen. Problem solved.
Arizona is more Right Wing whacko.
In China, something like this would mean the death penalty for those responsible. Too bad we can't do the same here in the States.
It is pathetic how laxed our social security numbers are treated. We have to pass around the number like it is money and we wonder how this kind of BS happens.....
True, this was Hayley's responsibility, too. But what many are not getting out of this is: if the federal government had (had already) required encryption of SS numbers from say... years ago (when they truely should have when ID theft was commonplace at least a decade ago), then the safeguards for SS encryption would have alreayd been taken care of. Why just credit card number encryption requirements? SS numbers are much more suseptible than credit card #'s. Sheeeesh! An oversight by the fed's, of course.
So in essence, its the federal Government's fault, meaning: it's Obama'a fault, too, of course? (yes).
Great sarcasm. I was waiting for someone to "blame" Obama.
Ok folks. Now you see what we South Carolinians have to put up with! A Republican governor, a Republican dominated state legislature, two Republican senators and a majority of Republican representatives. It has been this way for about 20 years. No wonder South Carolina is first in the worst of things and last in the best of things.
Take heart Jeroc. I think SC wants to secede. I say let them.
Yes, I blame the one on the top of the ladder, in this case, Haley.
However, there is also blame to be had on part of the IT personnel responsible for the system in question. There are very simple tools available to stop networked computers from being able to access "suspicious" websites, even when clicked from an email link, as well as software the "removes" the link itself from the email.
Obviously someone higher up on the ladder (maybe Haley) rejected a proposal from IT to implement this type of email/Internet filtering system. But hey, this is one of the choices that need to be made when "cutting" budgets. Someone made a choice, and this time it turned out to be the wrong choice!
Uneducated folks underestimate the probability of getting compromised, and over estimate the ability of worker robots to be able to see/indentify something that is malicious.
This is a significant failure within company's of all sizes as well as government agency's. Folks think that because they get nothing physical out of buying/implementing these softwares, that to spend money on it is a waste, until they are the ones that get hacked.
IT infrastructure IS VERY EXPENSIVE to keep up with current technology, but even more expensive NOT too!
Hacking is way to easy these days with so many simple ways to get into and compromise computer systems. Heck, a 10 year old kid can simply google, download, install, and use a great many hacking tools without having any expertise in hacking whatsoever!
You've just given my 10 year old grandson a bad idea.
That's why they're referred to as script kiddies.
If this Tea Bagger/GOP had been paying attention to what she was elected to do, serve and protect the people of South Carolina, and not in kaniving on how do defeat Obama this probably could have been prevented. In August she was preparing her speach for the RNC. I suggest the citizens of South Carolina impeach her or have a recall. This is TOTAL derelation of her duties. Get rid of her. She is a typical Tea Bagger looser. HOWEVER, SHE IS BLOND SO SHE MAY SURVIVE A RECALL.
The people of South Carolina deserve what they got.............. who cares?
Somebody out smarted the security system from a foreign source.But go ahead,blame Bush and the Republicans because it is so much easier than finding the real culprits.
Sorry to be the first to say this, "It was an inside job"...no hacker hacked their system...
Ok, lets say they did, I guess they were from China...
Nigeria is well known for online internet scams.
Read the article. It said the hacker had a Russian address.