Columbia, SC (WLTX) - South Carolina Department of Revenue Director Jim Etter has resigned, following a report that said his agency could have done more to protect its data.
Gov. Nikki Haley confirmed Etter submitted his resignation to her, and that she accepted it. She says Bill Blume will serve as acting director.
"Jim [Etter] and I both agreed that we needed a new set of eyes on the Department of Revenue," Haley said.
Etter will stay with the agency until December 31.
The report, prepared by security company Mandiant, said South Carolina could have done more to protect its data. Chiefly, the report concluded that a lack of dual verification for entry to the hacked database and a lack of encryption on Social Security numbers contributed to the breach. LINK: Read the Report by Mandiant
The cyber assault began on August 13th, when Mandiant says the hacker sent a phishing email to several Department of Revenue employees. At least one employee clicked on the link inside the email, allowing the hacker to compromise the database.
From there, the hacker began acquiring passwords and logins until he gained access to the sensitive personal data of millions of people. He also installed a "backdoor" on the server to help him gain further access.
Eventually, the hacking affected the following:
- 3.8 million Social Security numbers of income tax filers, and 1.9 million of their dependants
- 699,900 businesses' data compromised
- 3.3 million bank account's data taken
- 5,000 credit card numbers seized, all of which were expired cards
Haley clarified one important point: the stolen data was only from people who filed state taxes electronically. She said the state now knows all of the people affected, and will begin contacting them.
Changes have already been made in the state's security, she said, and more will come.
"Where do we go from here," she asked. "We have to go into cyber plan mode."
Haley said a mix of old equipment from the 1970s and being "IRS compliant" on Social Security data was a cocktail for disaster. IRS compliant, she found out, means numbers don't have to be encrypted, something that shocked her, and she's learned a lesson.
"I'm not going to wait and see what others say is compliant," she said. "We didn't do enough, and we need to go above and beyond to make sure that we do."
The governor urged people to continue to sign up for the free protection service being offered by Experian. So far, she said, 843, 604 people have.
People can sign up by calling 1-866-578-5422 or by going to www.protectmyid.com/scdor and using the activation code "scdor123." The call center is open 9:00 AM - 9:00 PM EST on Monday through Friday and 11:00 AM - 8:00 PM EST on Saturday and Sunday.