Published November 21, 2012
A report on a massive security breach at the South Carolina tax collection agency shows the state could have done more to protect personal information for nearly 4 million taxpayers, Gov. Nikki Haley said Tuesday. She also said she accepted the resignation of Department of Revenue Director Jim Etter effective at the end of the year.
Haley said the report from computer security firm Mandiant found hackers may have 3.3 million bank account numbers from South Carolina taxpayers.
The state made two mistakes, according to the report. It didn't require two different ways to verify when someone was trying to get into the system to look at tax returns and it did not encrypt Social Security numbers, Haley said.
"We didn't do enough. We should go above and beyond to make sure we do," Haley said.
The report said the breach only affected people who filed electronically. Haley said a hacker was able to obtain Social Security numbers from 3.8 million taxpayers, 1.9 million dependents and 699,900 businesses.
The state now knows the names of the taxpayers whose identities were stolen and will begin to notify them directly, Haley said.
Etter's decision to resign doesn't mean he is to blame for the hacking, Haley said. Instead, she said a combination of computers from the 1970s and a compliance system that did not require the latest security meant the breach could have happened no matter who led the agency.
But she said the hacking shows the agency likely needs to go another direction.
"We need a new set of eyes at the Department of Revenue," Haley said.