Haley said she will ask lawmakers to develop an emergency cyber-attack plan like the one the state uses for hurricanes. "We're just in the 19th century in technology in this state," said Loftis, who has introduced bills to put all state agency computer work under one umbrella. Dwight Loftis, R-Greenville, said allowing state agencies to run their own technology operations creates turf wars that increased the likelihood of a massive breach. Some lawmakers said problems lie within state policy. Haley also blamed the breach on the revenue department not using a double-password to log-in and a computer system from the 1970s. The IRS said it is reviewing Haley's letter. The IRS said in a statement Tuesday that it uses "a variety of safeguards - including encryption," though the agency did not say whether data in its servers are encrypted. The state is encrypting all data at the revenue department. She called the IRS's cyber-security standards outdated, a departure from when she said encrypting data was not an industry standard soon after revealing the breach on Oct. Haley sent a letter to the IRS asking the federal agency and all states to encrypt taxpayer data in servers. The governor, a frequent critic of federal policies, pointed to IRS rules that do not require encrypting taxpayer data in servers as part of the "cocktail for an attack." IRS rules require encryption while transmitting data. Still, Haley said the breach was not Etter's fault. "Jim and I both agreed that we probably needed a new set of eyes on the Department of Revenue - one that looked at data in terms of securing it," Haley said.Įtter, who had no comment Tuesday, will be replaced by Bill Blume, director of the S.C. 17, a week after the Secret Service alerted the state about the breach.Īfter saying soon after the attack that no one in state government should be blamed, the governor accepted the resignation of revenue department director Jim Etter. The hackers used a virtual backdoor on Oct. 13 and 14 after accessing the system eight times and stealing passwords of three other employees during the previous month, Mandiant said. The link appeared to trigger a program to steal the employee's username and password. 13 email, according to a report from Mandiant, a Washington computer forensics firm hired by the state to investigate the incident. Hackers duped a revenue department employee to click on a link in an Aug. Banking Association has asked banks to step up surveillance for fraudulent activity and share news of attempts to drain accounts, said Fred Green, the group's president. Thieves also have bank account information belonging to 3.3 million S.C. Taxpayers whose information was stolen will receive notification soon by letter or email, she said. Hackers took tax information only of people who filed returns electronically, Haley said. Department of Revenue is the largest known hacking at a state agency nationwide, according to the San Diego-based Privacy Rights Clearinghouse, which has been collecting breach data since 2005. All of the stolen tax data dating back to 1998 was unencrypted. The number of businesses affected has risen slightly to nearly 700,000. Hackers possess Social Security and other data belonging to 5.7 million people - 3.8 million taxpayers and their 1.9 million dependents, Haley said. "Could South Carolina have done a better job? Absolutely, or we would not be standing here," said Haley, who had insisted in the first days after revealing the cyber attack that nothing could have prevented the breach. Nikki Haley admitted Tuesday that the state did not do enough to protect their sensitive financial information and accepted the resignation of the agency director in the middle of the controversy. COLUMBIA - As more South Carolinians learned that hackers hold their tax return data, Gov.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |