Large government breach shakes confidence in state security

On October 10, the Secret Service’s electronic crimes task force discovered that the South Carolina Department of Revenue’s systems were breached in one of the largest government data breaches recorded.  3.6 million Social Security numbers along with 657,000 businesses taxpayer records and 387,000 credit and debit card numbers were stolen.

We could be facing a much bigger problem, though.  Larry Ponemon, chairman of the Ponemon Institute, believes that other States are just as susceptible to the attack as South Carolina.  In an interview with The Post and Courier, he said, “One of the reasons, based on our research, is that the security posture of government organizations tends to be inferior of that of commercial organizations.”

Those investigating the data breach found that most of the data was not encrypted, and the attacker had penetrated the network for over a month before the intrusion was detected. Think of your systems and cyber security in light of this incident.  Is there sensitive information on your network that is not encrypted?  Would you know if there was an intrusion?  What would you do if a data breach occurred?



About The Author


Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

17 Comments

    1. So when does the free sophos av for wiodnws come out ? and how is it that sophos would cater to mac users in such a way when it has been every one but mac users that helped sophos become what it is ! And i agree with you Richard it does seem just a little unfair to any and all loyal sophos custumers to have had to pay or just advise and support without expecting anything for help .What has mac users done for them ? and on the other hand most of the mac users i know dont beleive that they need any av anyway . Some times you just have to say go figure.

  1. Virtually every day there is a news report of a major cyber security breach. Many, probably most, are not reported by companies anxious not to spook their customers. Annual losses are now in the hundreds of billions. Most recently:

    Panetta Warns of Dire Threat of Cyberattack on U.S.

    By ELISABETH BUMILLER and THOM SHANKER
    Published: October 11, 2012
    Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor”
    http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html?pagewanted=all

    In his new book, CYBERSPACE and Security: A Fundamentally Different Approach, cybersecurity expert Victor Sheymov analyzes the fatal flaws of firewall technology. These flaws cannot be fixed by an ever more complex Maginot Line of firewall programs. Sheymov shows that legacy firewall technology is based on traditional concepts of physical space. He proves mathematically that it cannot work. He explains how cyberspace is radically different from physical space. He analyzes the differences between the two, and defines the laws and characteristics of cyberspace. Cybersecurity technology has to work with these laws. He proposes a new cybersecurity technology that also assures privacy of communications.

    SEE attached EXCERPTS from the book.
    For the book–SEE:
    http://www.amazon.com/Cyberspace-Security-Fundamentally-Approach-ebook/dp/B009PENZEK/ref=sr_1_7?s=books&ie=UTF8&qid=1350245998&sr=1-7&keywords=sheymov

    http://en.wikipedia.org/wiki/Victor_Sheymov

    email Victor Sheymov: vic.she7@gmail.com

    Note: This email is being sent to a number of journalists who report regularly on cybersecurity.

    1. Jack, I read the article about the cybersecurity Pearl Harbor back in October and I am skeptical if a huge event would cause us to change for the better. I think that it would spark change but it would likely be superficial and reactive to only the incident that sparked it rather than cybersecurity in general.

  2. Security spotlight is the best site for information on handling data breaches. I did not know much about the topic until I started reading this blog.

    1. I’ve changed my position on web government security from generally supportive to totally opposed. For others here, that’s evidence of rational thought and an open attitude.

  3. SC and many other government agencies have very poor security. It is a shame that they collect so much of our data just be be mishandled.

  4. I’m surprised we have not heard about another huge government breach since this one. Given what you said about government security, I expected the hackers to attack several other agencies before the end of the year but here we are in 2013 and there has not been a major incident.

  5. What makes it worse is potentially 80% of the state population’s SSNs are compromised which means millions of us have to call that one number? Who came up with this crap? Who put up such shoddy security?

  6. And so Govner Haley’s gonna hire his second cousin Bubba to oversee the security fixes cuz he’s pretty good with computers and seems to know his stuff good.

  7. I think a lot of people don’t see the real problem here. It’s not that the agency wasn’t trying to protect their data- but that they thought their IT department was doing it. Security is not the responsibility of IT and organizations should not assume IT is handling it because they probably aren’t.

Leave a Reply