Expert: Hackers got 'holy grail' of data from South Carolina

ashain@thestate.comNovember 13, 2012 

Hackers could steal $360 million if they empty bank accounts of just 1 percent of the more than four million consumers and businesses whose state tax records were exposed in a massive security breach at the SC Department of Revenue, a former FBI agent and bank security officer said Tuesday.

Thieves got the "holy grail" of personal financial information when they stole state tax records dating back to 1998 and could take more than a year before using it, said security expert Chris Swecker, who headed the FBI office in Charlotte and corporate security at Bank of America.

Swecker spoke to reporters after appearing before more than 200 people at a state data security symposium hosted by S.C. Treasurer Curtis Loftis. Banks will repay customers who inform them of thefts within 60 days of getting account statements.

South Carolina likely learned about the breach when the Secret Service noticed S.C. information being sold on the black market, he said. The Secret Service told state officials about the data hack on Oct. 10 nearly a month after it happened.

Few details have been released about the investigation except that state-approved credentials were used. Hackers tricked someone to open a file with a rogue program to access the revenue department system, The (Charleston) Post and Courier reported.

Swecker said what happened to South Carolina is not unusual.

"It's been playing out in corporate America for awhile," he said citing Sony and TJ Maxx.

Read more SC data breach news tomorrow in The State.

The State is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service