COLUMBIA — An international hacker broke into the South Carolina Department of Revenue computer files and gained access to about 3.6 million tax returns, state and federal officials announced Friday.
“This is not a good day for South Carolina,” said a somber Gov. Nikki Haley, who is known for encouraging state workers to answer the phone with, “It's a great day in South Carolina.”
Haley said the hacked files included state returns submitted since 1998 with unencrypted Social Security numbers. There also were about 387,000 credit and debit card numbers of which 16,000 were unencrypted.
Officials said people whose information has been compromised will get a free year of identity protection service provided by Experian and paid for by the state. It wasn't clear how much that would cost the state.
S.C. State Law Enforcement Division Chief Mark Keel said state officials were made aware of the problem on Oct. 10 by the U.S. Secret Service. He said the hacker may have gotten into the files, stored in a computer in Columbia, as early as late August.
“In the past two weeks, state and federal law enforcement along with the Department of Revenue have come together and done everything they need to make sure those holes have been plugged and we no longer have any holes we are aware of at this point,” Haley said.
She added, “I have made it very clear to my chief I want this person slammed against the wall and make sure this is something we don't have to deal with, but unfortunately in this day and time we do have to. It's no longer about inside hackers, it's about international hackers.”
Officials said the breach was completely closed by Oct. 20. They said they don't believe there was much additional damage after the problem was discovered Oct. 10.
They said the hacker's computer had an international IP address, but they would not say which country the hacker was in. Officials said not all the tax information was extracted from the system.
“Our state will respond with a big, large-scale plan that is somewhat unprecedented to take care of this problem,” the governor said.
Anyone who filed a South Carolina tax from 1998 onward is being asked to call (866) 578-5422. All taxpayers, whether they filed electronically or with paper returns, are being urged to call the number.
In addition to working with the federal government, the state has hired Mandiant, a private information security company, to assist in the investigation.
Haley was asked why state officials waited weeks to notify the public.
“This is the difference between finding the person and finding how they did it,” she said. She added that law enforcement needed time to investigate.
“We needed to find the person. We needed to find out how they did it and we needed to find out everybody involved, and the only way to do that was to allow them to go through the process they have gone through,” she said.
Keel would not say if authorities have identified a suspect. He said the criminal investigation is ongoing.
On Friday, the governor asked state Inspector General Patrick Maley to review cyber security for all state agencies and make recommendations for improvement.
Earlier this year, the personal information of 228,000 Medicaid patients was stolen in South Carolina and a former Department of Health and Human Services project manager was arrested.
“These are two totally different situations,” Haley said. “That was somebody within the agency that had been part of the problem.”
The U.S. Secret Service's electronic crimes task force works nationwide, said Mark Williams, the Secret Service agent in charge for South Carolina.
He said the South Carolina case was one of the largest the agency had handled.
Check to see if you were affected by the breach:
Anyone who filed a South Carolina tax return from 1998 to present date is asked to call (866) 578-5422. This applies for all who filed on paper or electronically.