About That Hack
by Philip Smith
webmaster, Conservatives Of The Upstate
As many of you are aware, the Governor of South Carolina, along with South Carolina Law Enforcement [SLED], has announced that over the last month a "cyber attack" was made by "a foreign source" on the State's income tax database. The security breach has resulted in more than three and a half million Social Security and portions of credit and debit card numbers being exposed to potential identity theft.
First, know that a lot of media is hyping this up to scare you.
The Governor's Office seems to be hyping this up for reasons of ignorance of the issue.
I won't accuse Governor Haley of manufacturing a re-election crisis to show the public that she can handle it. Nor will I accuse her of potentially favoring a business in the remedy of the situation that may have helped her in election bid.
I'm a supporter of our Governor and I voted for her, but something about only getting service from one (and only one) particular source of identity protection is fishy to me. There are hundreds of companies who may be more efficient, cheaper, or more comprehensive in their protection.
I have a source that is a good friend and is VERY close to the situation. They tell me that the situation may be getting blown out of proportion.
Here's why …
Apparently, those affected by the breach will receive a mailed letter by tomorrow (Wednesday October 31, 2012) if their information was compromised.
I'm told, by a trusted source, that if you do not get refunds and or did not pay your taxes by credit card - most likely you were not affected.
The breaches include information dating back to 1998. To note about stolen numbers - all credit card numbers expire after 4 years and the average lifespan of a checking account is 5 years - so older info is less risky … still an issue, but less of one.
In April of 2011, more than 25 million credit card numbers were stolen from Sony in connection to their Playstation Online Gaming network. Sony offered a similar 1 year of credit/identity protection free of charge to customers that wanted to take advantage of it. A similar situation has occurred at CitiBank and Bank Of America.
Not a single case of theft has been reported in the media in connection with these breaches ~ which each was on a scale of nearly 900% larger!
What needs to happen?
I think an investigation of the practices of these "Credit/Identity Protection" companies needs to take place at the Federal level in this country. It is my supposition that the results of the investigation may be similar to computer viruses being created by the virus protection software companies from a few years back.
A lot of concern has arisen from the fact that the governor has authorized the use of a certain credit and identity protection service free of charge for one year. What about after the year? I believe, if you can determine that your information was not compromised in another database, you have the law and reason on your side.
Something else to take into account. In order to use the information, "the hackers" will have to have more than just the numbers they got. They'll need security codes, addresses, phone numbers, maiden names, and possibly more.
I fielded concerns on facebook about "the hackers" being able to use the information to fill in other important data.
This is a concern, but I would reiterate the results of the Sony breach.
I'd also say that, in some cases, not all … a hacker does such a thing as a test for larger scale breaches - maybe as a test run. A hacker also usually does hacks for fun (to them) or personal satisfaction.
Here's a private message I received from a facebook friend:
"Stunt or not, I take my credit info very seriously and the fact that the information stored on state computers is not encrypted concerns me.
If the state is offering to pay for one year of monitoring out of taxpayer funds, that also concerns me. Even at $7-10 per acct, even if only a small number take advantage, is still a huge expense. It would have cost less to encrypt the data.
Still, I'll take them up on their offer. The activation code is "scdor123" and it's a generic code.
I'm most concerned about protecting my child. Seems savvy hackers are targeting teens because they can get away with the id theft for a few years before they ever apply for credit and by that time it's already too late."
What can you do?
If you receive the letter, OR as a general precaution …
• You can go this week to the bank and get a new account number and a new debit card - usually free of charge.
Yes this will be an inconvenience. But, IF anything results from this data breach, imagine the inconvenience of fixing the problem. This is a simple step you can take. Remember to adjust your accounts if you pay bills online. If you can't do this, get help from a savvy younger adult that you trust.
• You can add extra safeguards to your accounts …
Example: With my AT&T account I'm able to add a "parental passcode" that is not my social security number.
• DO NOT BE TAKEN IN BY FREE CREDIT REPORT WEBSITES. You are entitled to a free credit report from each reporting agency every three years.
To obtain yours … visit this government sponsored website ...