Governor Nikki Haley and other state officials gave an update Tuesday morning on a hacking incident that's believed to have compromised millions of South Carolina tax returns.
The personal information, including Social Security numbers, belonging to more than 3.6 million people who filed state tax returns since 1998 were taken when a foreign hacker breached the South Carolina Department of Revenue computer servers in mid-September.
It could take days or weeks before those affected know they've been affected.
"This is not something that happens on a day-to-day basis," said Governor Haley. "This is bizarre."
Haley then called cyber attacks a "time we live in."
"The CIA, the White House and Google have been hacked," said Haley. "Instead of whining and crying about it, we're going to do something about it."
There was some new information provided Tuesday.
One of the big points Governor Haley made was that all of the credit card numbers that were stolen were expired numbers, not a single active credit card was taken.
H aley said children will be protected. After parents sign up for the free year of service with Experian, they will soon get an email about a program called Family Secure. That will be a different registration process so you can monitor the identities of any minors. Children's social security numbers will be matched up with their parents after they sign up.For more on what that will offer, click here.
Haley addressed the issue of minors being affected and said that minors will be put on a family plan with their parents. Children's social security numbers will be matched up with their parents after they sign up.
Also during the news conference, Haley said Experian, the credit monitoring service contracted by the state, will notify the people who have been affected. In order to be contacted, though you have to have signed up for the free service.
If you have not done so, click here and enter the activation code SCDOR123.
There will be free credit monitoring for one year through Experian, according to Governor Haley, and fraud resolution will be covered for life for those affected by the hack.
"This was no simple breach, this was a true, sophisticated breach," Haley said. "There isn't one thing we could have done to avoid this hack...What I've found is that everyone wants to blame someone for this. Our focus needs to be on resolution getting people to call in and get people to sign up."
As we reported last week, on October 16, investigators uncovered two attempts to probe the SCDOR system in early September, and later learned that a previous attempt was made in late August.
In mid-September, two other intrusions occurred, and to the best of the department's knowledge, the hacker obtained data for the first time. No other intrusions have been uncovered at this time. On October 20, the vulnerability in the system was closed and, to the best of the department's knowledge, secured.
Late Tuesday, we learned the hacker also breached companies' tax information.
SCDOR Director Jim Etter told senators that companies' state identification numbers were in the file accessed by an international hacker. He says he doesn't know how many.
Those comments came toward the end of a several-hour grilling from Senate Finance Committee members.
Etter says the hacker had to have certain credentials to get into the agency's computer system. He says 250 employees have those codes.
News of the breach was announced last Friday, more than 2 weeks after the state learned of it.
The decision to withhold information from the public was to comply with the Secret Service's investigation, said SCDOR Director Jim Etter.
"We safeguarded the citizens of the state," said Etter. "We made a decision that was in the best interests of the citizens."
Etter did not give details about the ongoing investigation, other than he was "unaware" if the hacker worked alone or with someone else.
"We want to get this person so they can't do it to another state or another person," said Haley. "At this point, we don't want to compromise the investigation.
Haley added that so far, there have been 533,000 calls to Experian, 287,000 sign-ups on the Experian website, and there is now an average wait time of under 10 minutes.
Once you sign up here www.protectmyid.com/scdor with the activation code SCDOR123 (make sure you use all capital letters, which has been another common question), make sure you hit the "logout" button at the top right hand corner of the screen before trying to create another account.
You have until January 31, 2013 to sign up.