It started when a hacker – said by law enforcement to be in Russia – broke into computers of the South Carolina Department of Revenue and stole 74.7 gigabytes of data contained in electronically filed tax returns dating back to 1998.
Included in the haul were Social Security numbers, bank account numbers, and credit cards listed on tax returns. Information was stolen pertaining to 3.8 million individual taxpayers and 699,900 businesses.
As for how it happened, details are still emerging. In testimony Thursday before a committee of the House of Representatives of South Carolina the former head of IT for the department said that his bosses did not pay adequate attention to the security of data.
An upshot is that financial institutions in the state – including credit unions – are scrambling to reassure taxpayers that they do not need to panic.
The state, for its part, is buying impacted taxpayers a one-year membership in the Experian credit alert system, so they can be kept abreast of account activity.
Brandon Pugh, director of public affairs of the South Carolina Credit Union League, said in an interview, that credit unions were surprised the state did not have adequate protections in place.
Security experts hired by South Carolina to investigate the hack have indicated that it did not involve a high level of sophistication. They pointed to an employee falling for a phishing email as the probable cause.
Pugh added that, in the aftermath of this huge breach, there was a “wariness” that members would “overreact and close accounts.”
Pugh stressed that he was unaware of any theft that can be attributed to the data breach.
One upshot is that banks and credit unions have formed a kind of mutual assistance pact to monitor for fraud that might stem from the breach and to share warnings among the participating institutions.
Said Pugh: “SCCUL President and CEO Steve Fowler was present at the court proceedings where SCBA [South Carolina Bankers Association] indicated these plans and accepted their invitation to include/provide access to credit unions.”