Hackers could steal $360 million if they empty bank accounts of just 1 percent of the more than four million consumers and businesses whose state tax records were exposed in a massive security breach at the SC Department of Revenue, a former FBI agent and bank security officer said Tuesday.
Thieves got the "holy grail" of personal financial information when they stole state tax records dating back to 1998 and could take more than a year before using it, said security expert Chris Swecker, who headed the FBI office in Charlotte and corporate security at Bank of America.
Swecker spoke to reporters after appearing before more than 200 people at a state data security symposium hosted by S.C. Treasurer Curtis Loftis. Banks will repay customers who inform them of thefts within 60 days of getting account statements.
South Carolina likely learned about the breach when the Secret Service noticed S.C. information being sold on the black market, he said. The Secret Service told state officials about the data hack on Oct. 10 nearly a month after it happened.
Few details have been released about the investigation except that state-approved credentials were used. Hackers tricked someone to open a file with a rogue program to access the revenue department system, The (Charleston) Post and Courier reported.
Swecker said what happened to South Carolina is not unusual.
"It's been playing out in corporate America for awhile," he said citing Sony and TJ Maxx.