Any notion that cyber security was an issue that could be put off to another day evaporated Friday, at least in South Carolina, with the revelations that state income tax records have been broadly compromised by hackers. The consequences have yet to be determined, but they clearly could be serious.
At risk are the Social Security numbers of 3.6 million taxpayers and the credit and debit cards of 387,000. Security encryption should protect most of the credit and debit card information, state officials say. But 16,000 credit cards weren’t encrypted.
As noted in our news story, the state is taking wide-ranging measures to provide after-the-fact security for those whose personal and financial information might have been stolen.
And as Gov. Nikki Haley said, those measures will require the cooperation of taxpayers in determining misuse of their financial or personal information.
“The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the state of South Carolina and all our citizens,” she said.
It is reassuring that House Speaker Bobby Harrell, a frequent critic of the governor, has commended her office, as well as state and federal officials, for “taking quick action once alerted of this data security penetration.” Mr. Harrell pledged the efforts of the Legislature “in any fashion necessary to assist in remedying this situation.”
On the other hand, state Sen. Vincent Sheheen, D-Camden, contends that the governor’s response in notifying the public was too slow — and that waiting while law enforcement investigated before she made the announcement Friday “was a slick public-relations trick trying to minimize political damage.”
We find it hard to imagine that a cyber attack potentially affecting all state income taxpayers could be managed politically by an act of timing. This matter will continue to be of intense public concern until the extent of the damage is determined, the responsible parties identified, and corrective action taken.
So far, one response has been to provide individuals with enrollment, as needed, in a security service aimed at halting misuse of stolen information.
A long-term priority must be to ensure that strengthened state cyber security systems can withstand future infiltration attempts. And to restore confidence among South Carolina’s taxpayers.
It will be a big job as tax season looms.
Earlier this month, Defense Secretary Leon Panetta warned that the nation’s failure to seriously address this security threat has created the risk of a “cyber Pearl Harbor.” Mr. Panetta warned of online dangers from hostile nations and terrorists.
And clearly, the effect of large-scale hacking from any source can be disastrous, whatever the hacker’s motivation.
Mr. Panetta said a concerted cyber attack “could virtually paralyze the nation.” At risk are rail systems, electrical power and drinking water supplies.
Or the financial records of the taxpayers of an entire state.
Secretary Panetta cited the need for private companies and Congress to deal swiftly with measures to provide better cyber security.
South Carolina’s breach adds states to that list.
The potential consequences for S.C. taxpayers and the state’s financial operations underscore the need for strong measures to prevent future incursions into the computer networks of the Palmetto State — as well as every other governmental jurisdiction.