
Massive Data Breach at South Carolina Dept. of Revenue Demonstrates Need for Organization-wide Computer Security Training and Enforcement


NOVEMBER 27, 2012

The state of South Carolina recently released a report detailing a massive data breach at the South Carolina Department of Revenue this past August. The successful hacking attempt gave criminals access to 3.8 million tax returns, including the social security numbers and bank account information for millions of people.

The most worrying aspect is that hackers were able to access the state’s computer systems because of a single attack email containing an embedded link, which installed a virus when it was opened by an unsuspecting revenue department employee. The hacker was able to obtain the user’s login credentials and copy large amounts of data for a period of about two months before the breach was detected.

In South Carolina, the Department of Revenue did not encrypt the social security numbers in its databases, and it did not require two-factor or multi-factor authentication to access its systems. A requirement in many financial institutions, health care providers, and government agencies that have databases full of sensitive information, two-factor authentication requires the user to present an additional piece of identifying material beyond a user name and password, such as a physical smart identification card or a one-time use access code that is communicated to the user via SMS or other means.

The incident in South Carolina demonstrates how security is ultimately human-centric and everyone in an organization must be security-conscious. Security standards must be implemented and enforced within an organization in order to be effective. If employee training programs had educated revenue department staff about the dangers of clicking on suspicious links, if two-factor authentication had been required on department systems, or if social security numbers had been encrypted in the database, the breach could have been prevented or would have been less severe.

Guidepost Solutions has the computer security expertise to implement training and compliance programs based on industry standards and best practices to reduce the risk of serious security breaches like the one in South Carolina.


 

Bart M. Schwartz is the chairman of Guidepost Solutions LLC, a global leader in investigations, due diligence, security and technology consulting, immigration and cross-border consulting, and monitoring and compliance solutions.
