Letters informing thousands of Lowcountry taxpayers that they are among those whose information was “hacked” have started arriving in Charleston area mailboxes. And for several it was a reminder that their children were put at risk too.
Some parents said their working teens and other dependents were among those receiving letters from the state Department of Revenue, with multiple notices arriving at the same address.
Others said they feared what potentially could happen if their children were excluded from ID protection services, either by mistake or oversight.
“I didn't think about my kids, but tax returns have their Social Security numbers as well and could be devastating if their ID is stolen,” Mount Pleasant resident Bruce A. Work told The Post and Courier.
Some residents also have reported receiving the notice even though they never previously filed electronically with the state.
A Department of Revenue spokesperson could not provide an explanation as to why Friday, but urged anyone with questions to contact the agency.
“There was not a breach somewhere else,” spokeswoman Samantha Cheek said. “We don't want to speculate as to why these individuals would have received these letters, but if provided more information from the individual, we will assist in finding out why this happened.”
The agency did not want to offer a theory, “but if those individuals would call DOR we can look into this unique situation,” she said.
Last month the Revenue Department began mailing notification letters to more than 600,000 state residents and 760,000 non-residents informing them that their data was stolen in last year's massive breach of Revenue's security.
Because the alert letters were sent out in order of ZIP code, from lowest to highest, Charleston-area victims of the cybersecurity breach are beginning to see them arriving now.
A key message in the one-page letter is the warning, “We are writing you today, first to confirm that — as an electronic tax filer — your tax information was compromised and second, to encourage you to take immediate steps to protect yourself against identity theft.”
If you do not receive such a letter, officials say it is likely that your data was not hacked.
For those who did, the letter advises recipients to enroll in the free, one-year identity protection service that was set up afterward.
To date, more than 2.1 million of the notices have been sent out, with part of the lag time attributed to setting up the mail-out at a cost of $1.3 million.
“It's not an immediate process,” said Rob Godfrey, spokesman for Gov. Nikki Haley. “But what's important to the governor is that South Carolinians get notified with plenty of time to sign up for credit protection, which is why we extended the enrollment period by two months.”
The breach, disclosed by authorities in October, resulted in the theft of records of 3.8 million individual taxpayers, 1.9 million dependents, 699,900 businesses, 3.3 million bank accounts and 5,000 now-expired credit card numbers. It is the largest known breach of a state agency in U.S. history.
Before the letter was sent, most state taxpayers going back to 1998 could have been operating under the assumption that their information is at risk; the letters identify whose data has actually been compromised.
*Persons wishing to enroll in the protection service offered by Experian's Protect My I.D. can register by visiting www.protectmyid.com/scdor and enter enrollment code SCDOR123. If you do not have Internet service you may call 1-866-578-5422. The enrollment period ends March 31.
Reach Schuyler Kropf at 937-5551.