A few weeks ago, the state of South Carolina admitted that hackers had obtained millions of Social Security numbers and more personal financial data from the state's tax servers. This week, it was revealed that the whole situation started, as many things do, with one small mistake.
The State newspaper website reported that a South Carolina tax revenue employee was "duped" into clicking on a link in an email on August 13th, according to a report from a computer forensics firm. The link was, in fact, a phishing scheme from hackers who proceeded to take the unnamed employee's user name and password.
That was the first step in the unnamed hacker's plan to steal other South Carolina employees' passwords later in August, which led to the hacker uploading programs to the state's servers in September in order to gain access to the financial information inside. At a press conference on Tuesday, the state government said that the Social Security numbers of 5.7 million people were exposed as a result of the cyber attack, along with bank account information from 3.3 million state residents.
Previous to this week, South Carolina governor Nikki Haley said that nothing could have been done to stop the hackers from obtaining the financial information. That was clearly not the case, and Haley admitted this week, "Could South Carolina have done a better job? Absolutely, or we would not be standing here." South Carolina residents who have had their private information taken as a result of the attack are eligible to receive a free one year identity protection service from Experian.