The Inquirer-Home

South Carolina loses tax details through stolen password

Security audit is all done
Wed Nov 21 2012, 16:23

A SINGLE LOST PASSWORD was all it took for personal details belonging to 3.8 million South Carolina taxpayers to be exposed.

The leak, which also affected around 700,000 businesses, is covered in a report from Mandiant (PDF), an information security company, and was introduced by Governor Nikki Haley at a press conference.

Haley apologised for the breach, saying that the South Carolina Department of Revenue could have done a better job. She said "we had 1970 equipment" that, when presented with IRS compliance, was "a cottontail for attack". "We should have gone above and beyond what we did," she added.

Haley added that only people who had filed returns electronically are affected, and there is the suggestion that this could include anyone who filed after 1998.

She said, "We know how exactly who they were," saying that they would be contacted and offered information about identity protection soon.

The leak happened, said Mandiant in its report, because someone clicked on an untrusted link in an email. Doh. "August 13, 2012: A malicious (phishing) email was sent to multiple Department of Revenue employees," it said.

"At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised."

An attacker who had taken a login and a password then started a five-week period of intrusion, during which he would snoop about, copy data from databases and install his own backdoors.

Mandiant said that during this period three systems had database backups or files stolen from four different IP addresses. The attacker created 15 encrypted zip files that, when decompressed, would yield approximately 74.7GB of data.

It said that the files were a mix of encrypted and unencrypted data, adding that while the intruder took an encrypted version of the data encryption key, there was no evidence that the actual key was taken too. µ

