Security expert: S.C. Department of Revenue hacking ‘not that sophisticated’

  • Stephen Largen
  • Posted: Thursday, December 13, 2012 12:07 p.m.
    UPDATED: Thursday, December 13, 2012 12:21 p.m.
  • Text size: A A A
South Carolina Gov. Nikki Haley and Chief Mark Keel of the South Carolina Law Enforcement Division answer questions at a news conference in Columbia S.C. on Friday, Oct. 26th. Officials announced that 3.6 million state tax returns going back to 1998 had been exposed in an international cyber attack. (AP Photo/Bruce Smith)

COLUMBIA — A cybersecurity expert hired by the state in the aftermath of a massive breach at the S.C. Department of Revenue told state representatives today that the attack on taxpayer data was “not that sophisticated.”

Marshall Heilman, a director with cyber security firm Mandiant, rated the September attack on the agency as a four on a 10-point difficulty scale.

A Mandiant report last month found that the hacker likely was able to infiltrate Revenue Department systems through a malicious email.

And Heilman last month told state senators looking into the breach that a $25,000 dual-password system likely would have prevented the attack.

A state House panel investigating the breach is holding its first meeting today. At the same time, a similar state Senate subcommittee is holding its third meeting on the attack.

The breach at the Revenue Department resulted in the theft of records of 3.8 million individual taxpayers, 1.9 million dependents, 699,900 businesses, 3.3 million bank accounts and 5,000 now-expired credit card numbers.

Read more hacked stories here. Reach Stephen Largen at 864-641-8172 and follow him on Twitter @stephenlargen.

Comments { }

Postandcourier.com is pleased to offer readers the enhanced ability to comment on stories. We expect our readers to engage in lively, yet civil discourse. Postandcourier.com does not edit user submitted statements and we cannot promise that readers will not occasionally find offensive or inaccurate comments posted in the comments area. Responsibility for the statements posted lies with the person submitting the comment, not postandcourier.com. If you find a comment that is objectionable, please click "report abuse" and we will review it for possible removal. Please be reminded, however, that in accordance with our Terms of Use and federal law, we are under no obligation to remove any third party comments posted on our website. Read our full Terms and Conditions.