South Carolina Department of Revenue offers compensation for 2012 data breach

January 25, 2013

The South Carolina Department of Revenue (DOR) was in clean up mode this month following a serious security breach that saw the confidential information of 3.8 million state taxpayers compromised in the second half of last year.

In a notice issued January 11, the DOR offered anyone affected by the incident a free credit report as well as a complimentary credit monitoring service and identity theft resolution assistance.

Meanwhile the department's interim director Bill Blume has told an investigative Senate panel that the agency is planning on spending upwards of $21.7 million in responding to the incident.

He went on to say that the department would place an increased emphasis on vulnerability management in the future, in order to prevent incidents such as this occurring again.

"Security is considered a cost of doing business, not a discretionary budget item," Mr Blume said.

However a survey of more than 600 South Carolinians conducted by IT governance, risk and compliance services company Coalfire has revealed that the department may have faltered when it came to informing affected individuals of the breach.

More than 90 per cent of survey participants said that they only became aware of the incident due to the widespread media coverage which occurred.

Around 60 per cent of participants said they would take up the offer for free credit monitoring, however many still expressed dissatisfaction over the resolution and said they wanted more information about why the breach occurred.

"This data breach helps to highlight the need for strong cyber security plans and for the modernization of compliance rules in both the public and private sectors," said chief executive officer and co-founder of Coalfire Rick Dakin in a statement issued January 15.

"One key finding is that while citizens realize they are not experts on data security, they fully expect agencies such as state governments to safeguard their personal information," he added.

Organisations in both the public and private sector should take this incident as a warning about the potential for a security breach to have long reaching ramifications.

Often the real cost of a cyber security incident can be not only found in the financial impact, but also in terms of reputational damage as well, with customers losing faith in the organisation to safely manage their personal information.

In order to mitigate the risk of being affected by a security breach, it can often be prudent to invest in professional third party security audit and penetration testing evaluations.

These assessments allow your organisation to identify any weak points and vulnerabilities, allowing you to discreetly act to correct them before they are exploited by cyber criminals.

Leave a Reply

Your email address will not be published. Required fields are marked *