|
Videos
November 26, 2012 By News Staff
Following the security breach in South Carolina that cost the state more than $14 million, compromised personal and financial data of millions of residents, and led to the resignation of a Department of Revenue official, the state commissioned a report of the event.
According to security firm Mandiant, the attack was most likely caused by an employee who "unwittingly executed malware, and became compromised" after clicking an email link.
Once the attacker had legitimate credentials, the report states, he or she logged in via a remote access service and obtained more account passwords. Now with access to many accounts, the attacker was able to look around the state's systems during the following weeks and by Sept. 12, the attacked had gained access to databases of personal information. Before the state sealed its servers from further outside access, the attacker logged in to 44 state systems.
The initial data breach occurred on Aug. 13, but the breach was not identified until Oct. 10, when the Secret Service informed the state that the information of three residents appeared to have been stolen. Questions of why it took the state so long to identify such a thorough breach of security and who should accept the blame for such a breach have different answers.
The state blamed the Internal Revenue Service for not mandating that the state encrypt social security numbers. Others blamed recently resigned South Carolina Department of Revenue Director Jim Etter, who declined an offer for free breach-detection services from the state's IT department.
A report detailing the attack is below:
You may use or reference this story with attribution and a link to
http://www.govtech.com/e-government/Data-Breach-Where-Did-South-Carolina-Go-Wrong.html
.jpg)
What is Big Data? What can it do for you? 
Discover the BI capabilities you already own.
A more important question now is "What should businesses and people do to protect themselves?" Personal Firewall Project is a public service campaign that offers a proactive solution to prevent identity fraud and the negative impact on not only residents but businesses in South Carolina as well.