Clicking an email link gave hackers access to South Carolina's tax records

A few weeks ago, the state of South Carolina admitted that hackers had obtained millions of Social Security numbers and more personal financial data from the state's tax servers. This week, it was revealed that the whole situation started, as many things do, with one small mistake.

The State newspaper website reported that a South Carolina tax revenue employee was "duped" into clicking on a link in an email on August 13th, according to a report from a computer forensics firm. The link was, in fact, a phishing scheme from hackers who proceeded to take the unnamed employee's user name and password.

That was the first step in the unnamed hacker's plan to steal other South Carolina employees' passwords later in August, which led to the hacker uploading programs to the state's servers in September in order to gain access to the financial information inside. At a press conference on Tuesday, the state government said that the Social Security numbers of 5.7 million people were exposed as a result of the cyber attack, along with bank account information from 3.3 million state residents.

Previous to this week, South Carolina governor Nikki Haley said that nothing could have been done to stop the hackers from obtaining the financial information. That was clearly not the case, and Haley admitted this week, "Could South Carolina have done a better job? Absolutely, or we would not be standing here." South Carolina residents who have had their private information taken as a result of the attack are eligible to receive a free one year identity protection service from Experian.

Source: The State
South Carolina sign via Shutterstock


Read more here: http://www.thestate.com/2012/11/21/2527941/haley-admits-state-failed-to-protect.html#storylink=cpy

Read more here: http://www.thestate.com/2012/11/21/2527941/haley-admits-state-failed-to-protect.html#storylink=cpy
Report a problem with article
Previous Story

WSJ: Microsoft stock may be better in long-term than Apple stock

Next Story

PIPA creator launches, abandons, effort to expand email surveillance

6 Comments

Commenting is disabled on this article.

Clicking an email link lead to the source code of HL2: Source being outed onto the web. Ironically that was nearly 10 years ago and the problem still exists...

n_K said,
Clicking an email link lead to the source code of HL2: Source being outed onto the web. Ironically that was nearly 10 years ago and the problem still exists...

Problem will still exist in another 10 years because we will always have people that can be "duped".

n_K said,
Clicking an email link lead to the source code of HL2: Source being outed onto the web. Ironically that was nearly 10 years ago and the problem still exists...

until the entire internet is validated through valid SSL CA's and you know the company you linked to is a validated business and legit, its impossible not to be duped into something at some point

exotoxic said,

Problem will still exist in another 10 years because we will always have people that can be "duped".

Which is why real organisations operate content filtering gateways.

n_K said,
Clicking an email link lead to the source code of HL2: Source being outed onto the web. Ironically that was nearly 10 years ago and the problem still exists...

that's not what i was told long ago.. where did you get that from ?
i don't wanna say how if it wasn't posted publicly yet..
and yeah i know all the people involved in all of the hacking cases.
(many do its not a big secret)

know about the new source code leak from SEP '12 ?