Columbia, SC — I work in the identity theft and data risk industry, so when the news broke about the state’s massive data breach, I knew the ramifications to consumers, the government and other agencies would be severe.
The Department of Revenue did not invest the proper amount of time and energy in security. Officials didn’t use basic safeguards to protect their people’s data: two-factor authentication, encryption and employee training.
The main cause of this breach was a spear phishing attack, in which an email sent to one individual includes a link leading to a fake website requesting personal information — like a username and password; sometimes, the recipient is required to download a file. These emails are sent every day, and with basic knowledge and minimal training, most recipients know not to click links from unknown senders, and they definitely know to never provide username and password information.
At IDentity Theft 911, we say that you’re only as strong as your weakest link. With this in mind, businesses should ask: Do I have the proper security measures in place? Where are my potential vulnerabilities? What may employees be lacking in terms of training and knowledge?
The government has shown how little it really understands the risk this breach presents. Initially, one year of credit monitoring was offered, even though identity theft can cover a multitude of areas (medical, financial, criminal, employment, tax, etc.) over a person’s lifetime; since then, the package has been extended to include lifetime identity theft resolution services.
Here’s my advice: As a consumer, educate yourself on how to tell whether you’re an identity theft victim. We may not always be able to control how our personal information is stored, managed and destroyed, but we can recognize the warning signs of identity theft: late payment notices, loan application declines, etc. Actively manage all aspects of your identity portfolio, including credit reports, tax records and medical records. While a credit-monitoring package provides some protection, it does not prevent identity theft or even identify every form of identity theft.
Aside from the potentially lifelong problem that identity theft can bring to a victim, the biggest issue is how little citizens understand the risks associated with this breach and how little the government has done to protect its own citizens.