COLUMBIA — A cybersecurity expert hired by the state in the aftermath of a massive breach at the S.C. Department of Revenue told state representatives today that the attack on taxpayer data was “not that sophisticated.”

Marshall Heilman, a director with cyber security firm Mandiant, rated the September attack on the agency as a four on a 10-point difficulty scale.

A Mandiant report last month found that the hacker likely was able to infiltrate Revenue Department systems through a malicious email.

And Heilman last month told state senators looking into the breach that a $25,000 dual-password system likely would have prevented the attack.

A state House panel investigating the breach is holding its first meeting today. At the same time, a similar state Senate subcommittee is holding its third meeting on the attack.

The breach at the Revenue Department resulted in the theft of records of 3.8 million individual taxpayers, 1.9 million dependents, 699,900 businesses, 3.3 million bank accounts and 5,000 now-expired credit card numbers.

Read more hacked stories here. Reach Stephen Largen at 864-641-8172 and follow him on Twitter @stephenlargen.