IRS blamed in massive South Carolina data breach - weidmanatudeas
South Carolina's governor faulted an outdated Internal Revenue Service standard as a contributing factor to a massive data breach that exposed Social Security numbers of 3.8 million taxpayers plus credit card and bank account data.
Gov. Nikki Haley's remarks on Tuesday came after a report into the breach revealed that 74.7 GB was stolen from computers belonging to South Carolina's Department of Revenue (DOR) after an employee fell victim to a phishing email.
People who filed tax returns electronically from 1998 on were affected, although most of the data appears to be from after 2002, Haley said during a news conference.
South Carolina is compliant with Internal Revenue Service rules, but the IRS does not require SSNs to be encrypted, she said. The state will now encrypt SSNs and is in the process of revamping its tax systems with stronger security controls. She said she has sent a letter to the IRS to encourage the agency to update its standards to mandate encryption of SSNs.
The lack of encryption and strong user access controls, plus outdated 1970s-era equipment, made DOR systems ripe for an attack, she said.
"This is a new era in time where you can't work with 1970 equipment," Haley said. "You can't go with compliance standards of the federal government."
The report, written by the security company Mandiant, found that an employee's computer became infected with malware after the user opened a phishing email. The hacker captured the person's username and password, which allowed access to the agency's Citrix remote access service.
From there, the hacker installed various tools that captured user account passwords on six servers. The hacker eventually gained access to three dozen other systems. Mandiant wrote that the hacker used at least 33 unique utilities and malware, including password dumping tools, administrative utilities, batch scripts and generic database command utilities.
The hacker used a utility called 7-Zip to compress data, creating 15 encrypted archive files that, if uncompressed, contained 74.7 GB of data. The data was moved to another server within DOR before it was eventually moved to another system on the Internet, the report said.
The 23 stolen database files contained a mix of encrypted and unencrypted data, the report said. The hacker appears to have only obtained an encrypted key for the encrypted data, which could not be accessed. But there was plenty of other plain-text data.
The data included SSNs for 3.8 million tax filers and information on 1.9 million dependents, Haley said. Information belonging to 699,900 businesses was compromised, along with 3.3 million bank accounts and 5,000 credit card numbers, she said.
South Carolina has identified all of the victims, who will be notified by letter. The state is also working with Experian, which is monitoring credit information for victims.
As a consequence of the breach, DOR Director Jim Etter will resign effective Dec. 31. He will be replaced by Bill Blume, who is currently executive of South Carolina's Public Employee Benefit Authority, Haley said.
Source: https://www.pcworld.com/article/455752/irs-blamed-in-massive-south-carolina-data-breach.html
Posted by: weidmanatudeas.blogspot.com