HACKED: Your questions answered

ashain@thestate.comNovember 3, 2012 

Councils Ôbarred from data powers'

Councils aîbarred from data powers'. File photo dated 22/08/08 of a memory stick on a laptop computer. Issue date: Thursday June 14, 2012. Local authorities will be barred from accessing details of phone calls, emails and internet use under controversial plans to extend the amount of information available to police, Theresa May will say. The police and security services will be given new powers to track suspects through their use of emails and websites in a bid to prevent problems catching criminals such as paedophiles and terrorists in up to a third of cases within a few years. But the new details will not be available to local authorities and councils will also be stripped of their current powers to access information about phone calls, the Home Secretary will announce. Public bodies will have to apply for the new powers at a later date. The move comes after Mrs May's initial proposals to extend internet surveillance were greeted with widespread criticism from civil liberties campaigners earlier this year. The full details will be outlined when the draft Communications Bill is published this morning, on the same day that David Cameron appears before the Leveson inquiry. See PA story POLITICS Internet. Photo credit should read: Matthew Baker/PA Wire URN:13802260 (Press Association via AP Images)

FILE PHOTOGRAPH — the associated press

  • SC data theft help Consumers: Sign up for one year of free credit monitoring and insurance, and lifetime ID theft-resolution services – protectmyid.com/scdor (use the code “scdor123”) or call (866) 578-5422. Businesses: Sign up for free monitoring from Dun & Bradstreet Credibility Corp. – dandb.com/sc or (800) 279-9881 – or Experian – smartbusinessreports/southcarolina. Additional steps From the SC Department of Consumer Affairs 1. Place an initial fraud alert on your credit report. To place an initial fraud alert on your credit report, you only have to call one of the Credit Reporting Agencies (CRA) and it will notify the other two. This is a FREE service. Once you place the alert, you will receive notice that you can get one free copy of your credit report from each of the Credit Reporting Agencies (CRAs). See No. 3 below for phone numbers. 2. Place a security freeze on your report. You must call each of the CRAs to do this. It is FREE to place, thaw, and lift the freeze for SC Residents. Once you place the freeze, you will receive a PIN number you can use to thaw or lift the freeze. Make sure to keep it in a safe place. You can place the freeze online at the addresses below or by calling the numbers listed in No. 3: • freeze.equifax.comexperian.com/freezefreeze.transunion.com 3. The phone numbers are the same to place a fraud alert and to place a security freeze on your credit report: • Equifax: 800-525-6285 • TransUnion: 800-680-7289 • Experian: 888-397-3742 4. Perform these steps for any Social Security number you think might be affected. The fraud alert and security freeze are linked to your Social Security number, so each person in the household must place it separately. 5. Remember to track your finances. Always review your banking statements as soon as you receive them. Also review your credit report regularly. You are entitled to a free credit report from each one of the three major credit reporting agencies annually. You can obtain your report by visiting annualcreditreport.com or calling (877) 322-8228. Check your statements and credit report for unauthorized purchases/accounts and incorrect information. 6. For more information on protecting against ID Theft, including information on placing a security freeze, visit the SC Department of Consumer Affairs "Identity Theft Resources" webpage.

— A week after a massive data-security breach at the state Department of Revenue was revealed, South Carolinians remain upset and confused, calling and emailing as they try to learn what happened and how their finances can be protected.

Here are answers to some of the questions sent to The State this week:

How did this happen?

Overseas hackers used state-approved credentials to access the Revenue Department’s computer system in September and take up to 4.25 million state tax records of individuals and businesses, and 387,000 credit card numbers. The records date back to 1998. The state does not know how many records -- if not all of the them -- were exposed and have suggested anyone who filed a S.C. return since 1998 take precautions.

Only 16,000 of the credit card numbers were unencrypted. But anything on a tax form, including checking-account information used for direct deposit, has been exposed. The state learned of the breach from the Secret Service on Oct. 10, investigated for more than two weeks and told the public on Oct. 26.

How is the state fixing this?

The Revenue Department now is encrypting data, using the state’s computer network monitoring system and considering not holding tax data for so long. The governor also has asked the state inspector general to review technology policies at state agencies and devise recommendations.

How is S.C. helping victims?

Consumers can get one-year credit monitoring and up to $2 million in insurance and lifetime credit-fraud resolution, paid for by the state, from Experian. The deadline is Jan. 31.

If possible, enroll online. The hotline has been so jammed much of the week that people get a recording that asks them to call later.

Consumers can register at protectmyid.com/scdor (use the code “scdor123”) or call (866) 578-5422.

Businesses can get free credit-report monitoring from two companies. They have no registration deadline.

• Dun & Bradstreet Credibility Corp.– dandb.com/sc or call (800) 279-9881

• Experian - smartbusinessreports/southcarolina

Does enrolling online complete credit-monitoring registration for consumers?

No. Based on notices at the end of the initial registration, people will need to call the hotline or wait for a letter sent within 10 business days with a code to finish the enrollment. (UPDATE: Customers will receive this message if they have entered some information that doesn't match with Experian records, the company says.)

Will credit monitoring keep away ID thieves?

Not necessarily. The monitoring will keep an eye out for credit inquiries, opened accounts and bill delinquencies at all three credit-reporting agencies – Experian, Equifax and TransUnion. However, an alert might come after a crook already has struck. Still, the monitoring should inform consumers about problems sooner than waiting to find a bogus account on a credit report. And it’s free to consumers for a year. Consumers also can get one free credit report from each of the credit-reporting agencies annually at annualcreditreport.com.

What happens after a year?

Consumers will have to decide whether to pay to continue monitoring and the insurance. Experian charges $160 to $240 a year for coverage.

Does the threat of ID theft drop a year after a security breach?

Not really, experts say. Crooks can hang onto – or sell – data years after a hack. The biggest concern is Social Security numbers. Consumers can change credit-card numbers or passwords. They can’t get a new Social Security number without a lot of effort.

Are kids covered?

Yes, but parents cannot register them directly. After consumers enroll, Experian will look at records for dependents and send a notice in a few weeks about registering children. Adult children – those 18 and older – must register on their own, though some consumers have said the Experian website would not enroll them. They should call the hotline.

What about people who paid S.C. taxes since 1998 but are living out of state?

They enroll like everyone else. They also should get letters within a few weeks telling them about the breach and credit monitoring. If they have problems enrolling online, call the hotline.

Do couples who file their taxes jointly need to enroll more than once?

Each person needs to enroll separately.

Is anything being done to help the elderly and those without web access?

Not immediately. Gov. Nikki Haley asked her Cabinet directors to come up with ideas by Tuesday. The AARP also is looking for solutions. In the meantime, individual taxpayers have until Jan. 31 to register – hopefully enough time for the phone lines to clear up.

How can people without an email address enroll?

They should call the hotline.

What should consumers do if they are redirected to ProtectMyID’s main page when they use the address for S.C. breach victims?

Try using different web browser on their computer or delete the cookies for protectmyid.com.

Should consumers freeze their credit records?

Maybe. Cautious consumers can put a lid on their credit records that prevents the issuance of new credit cards and loans. Consumers have to register with all three credit-reporting agencies for freezes. But they also will need to unfreeze the records if they want a loan or new credit card – a potential hassle though thaws are supposed to happen within 15 minutes of a request. Visit www.consumer.sc.gov for instructions.

To freeze your accounts, contact:

• Equifax: https://www.freeze.equifax.com, (800) 685-1111

• Experian: https://www.experian.com/freeze, (888) 397-3742

• TransUnion: https://freeze.transunion.com, (800) 680-7289

Should consumers close their checking accounts and get new credit cards?

Probably not. Banks will make customers whole if crooks steal money from accounts, the S.C. Bankers Association said. Customers must tell banks within 60 days of getting their statement about the theft. Banks also will not hold customers liable for fraudulent credit-card charges.

Can someone with another person’s tax information fraudulently file for tax refunds and Social Security benefits?

Yes. The Internal Revenue Service and the Social Security Administration said they have safeguards in place to prevent ID theft but cases happen, data-security experts said. Consumers can do little to prevent this except make sure they receive weekly benefits checks and their refunds.

Will the bad guys who stole the tax information get caught?

Unlikely. Steven Toporoff, an attorney for the Federal Trade Commission’s division of privacy and identity protection, told The Associated Press that the constant swapping of stolen data among crooks makes it difficult to trace stolen credit-card and Social Security numbers to a specific theft. The Secret Service, which is leading the S.C. data breach probe, has declined comment on the case.

Bottom line: What is the price tag of the breach for the state?

Final costs are unknown. Here’s what we know now. The state will pay up to $12 million for Experian to offer help to individual taxpayers. The business monitoring is free. South Carolina has paid about $125,000 to Mandiant, a firm recommended by the Secret Service to help fix computer gaps, and hired Columbia’s Nelson Mullins law firm to help handle liability issues.

The State is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service