The hacker who reportedly accessed millions of South Carolina tax returns apparently breached state databases via two different paths.
Marshall Heilman with information-technology company Mandiant told the Post and Courier of Charleston Wednesday that the attacker tricked a user in the Department of Revenue's system into opening a file allowing the hacker to access the system.
Then, Heilman says the hacker was able to get into the system because the agency was using unsecured, third party-software. Using a stolen credential, Heilman says the hacker remotely accessed the agency database and stole the information.
Officials think a total of 3.8 million tax returned were improperly accessed, and about 657,000 business returns were also hacked.
Nearly 700,000 people have signed up for free credit monitoring because of the hacking incident.