Massive South Carolina Data Breach – 3.6 Million Social Security Numbers Stolen

The South Carolina Department of Revenue suffered a massive data breach resulting in the theft of approximately 3.6 million social security numbers and 387,000 credit and debit card numbers. The majority of credit and debit card numbers were encrypted, but 16,000 of them were not. Even so, encryption isn’t foolproof. An intelligent hacker may be able to break the encryption. Worse, none of the social security numbers were encrypted.

Anyone who has filed taxes in the state of South Carolina since 1998 could be impacted. And if you paid taxes with a credit or debit card, you should be extra diligent about checking your credit card and checking accounts to be sure there's no fraud on your account.

Thieves can do far more damage with social security numbers than with credit and debit card numbers. Thieves may be able to make fraudulent transactions against your accounts, but your account numbers can be changed or closed to prevent unauthorized transactions. However, social security numbers are not so easily changed. And with your social security number, a thief can open new accounts, file fraudulent tax returns, or get a job with your identity. You can spend years trying to clean up problems stemming from a stolen social security number.

According to PC World, the breach happened around mid-September but the South Carolina Department of Revenue didn’t discover it until October 10. The hacker is believed to be international.

Taxpayers who were affected by the breach will receive a year of credit monitoring and identity theft protection services from Experian. You’ll get alerts of key changes to all three of your credit reports, but you won’t get free access to view these credit reports with the credit monitoring services. Fraudulent accounts could appear on any of those credit reports, so it’s important to check all three reports throughout the year. You can order a free credit report through AnnualCreditReport.com if you haven't already within the past 12 months.

Placing a fraud alert on your credit reports will give you the right to a free credit report and help deter identity thieves. The fraud alert lasts 90 days, but you can renew it once that time expires. You only have to add the fraud alert with one of the three major credit bureaus. They will share that fraud alert with the other two bureaus.

Another option is to put a security freeze on your credit report. With the credit freeze in place, businesses can’t access your credit report (for example, to approve credit card or loan applications) unless you first unlock your credit report. You have to contact each bureau individually to place a security freeze on your credit reports.

If you believe your information was compromised, call 1-866-578-5422 or enter the code 'scdor123' at protectmyid.com/scdor for your free year of credit monitoring. You must sign up by January 2013 to get your free year of credit monitoring services. Once you set up an account, you can opt to have alerts sent to you via email or text message. Alerts will let you know if key information has changed on your credit report or if there have been any new inquiries into your credit report. The benefit also includes $1 million of identity theft insurance that can help you deal with costs associated with clearing identity theft.

Keep in mind that identity theft can extend beyond your credit report. While you can take precautions to safeguard your credit card information, you always have to be on guard for other types of theft, like tax ID theft, insurance, medical, or criminal ID theft.

Thieves might even be able to commit child ID theft if you listed depending social security numbers on tax returns. Unfortunately, child ID theft is harder to detect since credit bureaus don’t offer credit reports for minors. Contact the bureaus directly if you fear your child may have been a victim of identity theft.

Source: PCWorld.com, Charleston City Paper