The South Carolina Data Breach: How to protect yourself and your family.

If you live in the state of South Carolina, hopefully you’ve heard by now about the massive data breach at the South Carolina State Department of Revenue. It’s an information security disaster. 3.6 million Social Security Numbers were stolen, all unencrypted; debit and credit card numbers were stolen as well, but most were encrypted (not that this is of much solace). Of course, no public funds were accessed or put at risk. You can read more about the data breach over at HuffPo, or watch an excerpt of the press conference here.

Now, I could comment on how incredibly irresponsible and idiotic it is to store sensitive information unencrypted. Or I could lambast the Dept. of Revenue for not taking action sooner when the attack has been going on for over two months. Instead, I’m going to try to outline the steps you need to take to protect your information now that it’s in the wild.

DISCLAIMER: I am by no means an expert, nor is this an exhaustive list of steps you should take to protect yourself. If you follow these steps, bad things can still happen to you. All this does is make things harder for identity thieves. All information is provided as-is, without any sort of guarantee. If the following steps do not work, I am not responsible. They worked for me, and I hope they work for you.

It’s a rather simple process. South Carolina is taking steps to right their egregious wrong, and has made a pretty fantastic tool available. Rather than repeatedly calling the 800 number that the state has provided only to be hung up on, simply do the following.

  1. Go to http://protectmyid.com/scdor
  2. Enter this code: scdor123 (this is the code that you would get from the 800 number)
  3. Finish the application process

Protectmyid.com is a service provided by Experian. In light of the breach, South Carolina has provided the code so that the citizens can have free access to this service. It was the least they could do.

I strongly advise you to set up an account through the service. Check your credit reports immediately, and see if there is any suspicious activity. Then set up alerts on your cell phone. To do this, look at the left side of the screen, where it says “You are logged in as: [Your Name] (edit profile).” Click edit profile, and then click “Alerts.” Enter your cell phone and your alert preferences. Mine is set so I receive alerts 24 hours a day.

That’s all you need to do to set up your account with ProtectMyId.com, but I also suggest you take the self-assesment test they provide. This will help you to understand and correct unsafe behaviors.

I would also recommend setting up a 90 day fraud alert through Experian. This is also free, available here. As a quick note, if you add a fraud alert through any one of the major credit bureaus, the other two get notified. If you add a fraud alert, it will force creditors to go through extra steps to check your identity, thus adding another layer of protection.

I hope this post has been helpful. If you have questions, ask them in the comments below and I’ll try to answer them. If you have comments or resources, please share them below as well. This is a massive problem that is affecting millions of people. Please share whatever insights you have. If this post has helped you, please forward it to your South Carolinian friends and family.

Godspeed.

UPDATE10/30:If your children are listed on your tax returns, they should be covered by protectmyid.com. I spoke with the SCDOR, and they assured me that minors are protected under their parents plans.

Advertisements

5 Comments

Filed under Personal, Politics

5 responses to “The South Carolina Data Breach: How to protect yourself and your family.

  1. Cliff

    If you have children, their SS number is on the tax return. Could the minor’s info be used against them? Experian won’t register anyone under 18.

    Like

  2. Jonathan,

    Thanks for putting up this post. For years information security professionals like myself have been trying to advise organizations of all sizes and individuals alike to take even the basic steps, like different passwords for key accounts, for years.

    The frequency of incidents will increase. Last year, in Verizon’s data breach survey, it stated that 85% of incidents impacted companies with <100 people.

    We are in a different world which is highly interconnected – education is key.

    Happy to discuss.

    Vikas

    Like

    • You’re quite right. Basic steps here would have been key! Perhaps encrypting sensitive data like SS# would have helped mitigate the effects of the attack.

      Thank you for your feedback.

      Like