Data Breach: Where Did South Carolina Go Wrong?

A security firm's analysis showed the attack was likely caused by an employee who "unwittingly executed malware" after clicking an email link.

Following the security breach in South Carolina that cost the state more than $14 million, compromised personal and financial data of millions of residents, and led to the resignation of a Department of Revenue official, the state commissioned a report of the event. 

According to security firm Mandiant, the attack was most likely caused by an employee who "unwittingly executed malware, and became compromised" after clicking an email link.

Once the attacker had legitimate credentials, the report states, he or she logged in via a remote access service and obtained more account passwords. Now with access to many accounts, the attacker was able to look around the state's systems during the following weeks, and by Sept. 12 the attacker had gained access to databases of personal information. Before the state sealed its servers from further outside access, the attacker logged in to 44 state systems.

The initial data breach occurred on Aug. 13, but the breach was not identified until Oct. 10, when the Secret Service informed the state that the information of three residents appeared to have been stolen. Questions of why it took the state so long to identify such a thorough breach of security and who should accept the blame for such a breach have different answers.

The state blamed the Internal Revenue Service for not mandating that the state encrypt Social Security numbers. Others blamed recently resigned South Carolina Department of Revenue Director Jim Etter, who declined an offer for free breach-detection services from the state's IT department.

A report detailing the attack is below:
