S.C. governor orders cabinet-wide cyber protections after massive data breach

Gov. Nikki Haley

The Governor of South Carolina ordered cabinet-wide cyber security measures to be put in place as the state reels under a massive electronic breach of its revenue department’s data.

Cyber thieves stole over 3.5 million Social Security numbers and information on 387,000 credit and debit card accounts in September from South Carolina’s tax collection agency. The records of anyone who paid taxes in the state since 1988 were exposed. The department disclosed the attacks on Oct. 20.

“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens," said Gov. Nikki Haley, in a statement following the disclosure. "We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected."

In a Nov. 14 press conference, Haley, along with Budget and Control Board executive director Marcia Adams, Division of State Information Technology (DSIT) director Jimmy Earley and State Inspector General Patrick Maley announced new Cyber security measures to minimize the risk of additional breaches of the state’s data systems.

Haley’s Nov. 14 executive order directs the state’s cabinet agencies to work with DSIT to implement network monitoring, including twenty-four hour a day monitoring as well as intervention and interrupting of unusual events or viruses. The governor also encouraged all non-Cabinet agencies to work with DSIT to identify weaknesses in current network monitoring and implement stronger monitoring services where needed.

Once a potential threat or attack is identified, said Haley in a Nov. 14 statement, DSIT will notify the agency and request that agency’s IT staff remove the infected computer from the network and begin remediation action, said a statement by the governor. Agency networks will be monitored around the clock by DSIT staff and by six agency personnel who have been dedicated to the task. The new approach, said the statement, will minimize cost and increase agency knowledge and experience in IT security.

The device DSIT Network Monitoring will employ to intercede and interrupt in real time the download of detected viruses and malware is the Mandiant Intelligent Response (MIR) appliance, said the governor. A Mandiant product also known as “The Hand,” MIR was put in place at DSIT to help monitor and manage the South Carolina Department of Revenue network in the wake of the breach, and the equipment will be re-positioned to cover all Cabinet agencies, she said.

The state has been scrambling to help those possibly affected by the breach. As of the morning of Nov. 14, the Experian call center set up to assist South Carolina taxpayers had received approximately 775,500 calls and approximately 789,500 signups for Experian’s ProtectMyID program, according to Haley. Access to unlimited fraud resolution beyond the one year enrollment period is included in Experian’s ProtectMyID membership and available to any taxpayer affected by DOR’s information security breach.