Hacker stole info from over 3.6 million SC residents

CHARLESTON, S.C. (WCIV) - Millions of Social Security numbers belonging to South Carolina residents who filed taxes over the last 14 years may have been compromised by a hacker, state officials announced Friday.

The South Carolina Department of Revenue said 3.6 million Social Security numbers and 387,000 credit and debit card numbers were compromised in the attack. Officials said the majority of the credit cards were protected by encryption strong enough to have probably protected the cardholders.

Gov. Nikki Haley said the state will provide one year of credit monitoring and identity theft protection services. The service is being provided through Experian.

Residents who have filed taxes with the state can call 1-866-578-5422 to get an activation code for Experian's monitoring services and then enter it at the website

The call center is open 9:00 AM - 9:00 PM EST on Monday through Friday and 11:00 AM - 8:00 PM EST on Saturday and Sunday.

People who have called the number and made it through to an operator reported being on hold for 35 minutes and then being told by an Experian representative that the company would send each caller a letter with an activation code for one year of free credit monitoring.

According to the caller, the representative said the activation codes were not immediately available, but would be mailed out in two days.

"The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens," said Governor Nikki Haley. "We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected."

Officials said that no public funds were accessed or put at risk.

"On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers," said DOR Director James Etter. "We worked with them throughout that day to determine what may have happened and what steps to take to address the situation. We also immediately began consultations with state and federal law enforcement agencies and briefed the governor's office."

Department of Revenue officials said information security specialists Mandiant were contracted to assist in the investigation and help the state secure its software and equipment in order to prevent a similar breach.

According to Haley's office, investigators on Oct. 16 uncovered two attempts{}to breach the system in early September and learned that an attempt was also made in August. According to the governor's office, two more attempts were made in mid-September, when the hacker successfully gained entry to the department's system.

By Oct. 20, the vulnerability had been closed, officials said.

"From the first moment we learned of this, our top priority has been to protect the taxpayers and the citizens of South Carolina, and every action we've taken has been consistent with that priority," Etter said. "We have an obligation to protect the personal information entrusted to us, and we are redoubling our efforts to meet that obligation."

State Sen. Vincent Sheheen called Haley's decision to delay informing the public of the massive identity theft from the state's Department of Revenue unacceptable.

"State leaders have a responsibility to inform the public of news like this in a timely manner. Whether its good news or bad news, like this, the public deserves to know," he said in a statement.{} "I often refrain from criticizing the administration, but enough is enough."

South Carolina House Speaker Bobby Harrell released the following statement Friday:

"Along with all South Carolinians, Legislators in the General Assembly were shocked to learn of the cyber hacking infiltration of some of our citizens' most sensitive personal information. We commend the Department of Revenue, the Governor's Office and federal authorities for taking quick action once alerted of this data security penetration. As our state addresses all the concerns that this security infiltration raises, the General Assembly is prepared to act in any fashion necessary to assist in remedying this situation.

"There are several things that must now take place, many of which are already in motion. But first and foremost we must ensure that our citizens' identities are protected from fraud and we must take steps to better insulate sensitive data to help prevent future attempts to bypass our security measures."

Officials have not said if they know who committed the crime.