South Carolina Offers Details of Data Theft and Warns It Could Happen Elsewhere

[InfoSec News <alerts () infosecnews org>]

http://www.nytimes.com/2012/11/21/us/more-details-of-south-carolina-hacking-episode.html

By ROBBIE BROWN
The New York Times
November 20, 2012

ATLANTA -- Gov. Nikki R. Haley said on Tuesday that South Carolina 
officials had not done enough to stop computer hackers who recently 
stole millions of personal financial records.

 A new report shows that outdated computers and security flaws at the 
state’s Department of Revenue allowed international hackers to steal 3.8 
million tax records, the governor said. She announced that the agency’s 
director, James Etter, would resign at the end of the year.

“Could South Carolina have done a better job? Absolutely,” she said. “We 
did not do enough.”

Experts say the cyberattack, which resulted in the theft of 3.8 million 
Social Security numbers and 387,000 credit and debit card numbers, was 
the largest ever against a state government agency.

On Tuesday, the computer security firm Mandiant released a report with 
new details about the attack. Hackers broke into the agency’s computer 
system by sending state employees spam e-mail that contained an embedded 
link. If employees clicked on the link, software was activated on their 
computers that stole their user names and passwords, Mandiant found. 
Using this information, the hackers were able to log in as tax officials 
and steal the data.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org