If you live in the state of South Carolina, hopefully you’ve heard by now about the massive data breach at the South Carolina State Department of Revenue. It’s an information security disaster. 3.6 million Social Security Numbers were stolen, all unencrypted; debit and credit card numbers were stolen as well, but most were encrypted (not that this is of much solace). Of course, no public funds were accessed or put at risk. You can read more about the data breach over at HuffPo, or watch an excerpt of the press conference here.
Now, I could comment on how incredibly irresponsible and idiotic it is to store sensitive information unencrypted. Or I could lambast the Dept. of Revenue for not taking action sooner when the attack has been going on for over two months. Instead, I’m going to try to outline the steps you need to take to protect your information now that it’s in the wild.
DISCLAIMER: I am by no means an expert, nor is this an exhaustive list of steps you should take to protect yourself. If you follow these steps, bad things can still happen to you. All this does is make things harder for identity thieves. All information is provided as-is, without any sort of guarantee. If the following steps do not work, I am not responsible. They worked for me, and I hope they work for you.
It’s a rather simple process. South Carolina is taking steps to right their egregious wrong, and has made a pretty fantastic tool available. Rather than repeatedly calling the 800 number that the state has provided only to be hung up on, simply do the following.
- Go to http://protectmyid.com/scdor
- Enter this code: scdor123 (this is the code that you would get from the 800 number)
- Finish the application process
Protectmyid.com is a service provided by Experian. In light of the breach, South Carolina has provided the code so that the citizens can have free access to this service. It was the least they could do.
I strongly advise you to set up an account through the service. Check your credit reports immediately, and see if there is any suspicious activity. Then set up alerts on your cell phone. To do this, look at the left side of the screen, where it says “You are logged in as: [Your Name] (edit profile).” Click edit profile, and then click “Alerts.” Enter your cell phone and your alert preferences. Mine is set so I receive alerts 24 hours a day.
That’s all you need to do to set up your account with ProtectMyId.com, but I also suggest you take the self-assesment test they provide. This will help you to understand and correct unsafe behaviors.
I would also recommend setting up a 90 day fraud alert through Experian. This is also free, available here. As a quick note, if you add a fraud alert through any one of the major credit bureaus, the other two get notified. If you add a fraud alert, it will force creditors to go through extra steps to check your identity, thus adding another layer of protection.
I hope this post has been helpful. If you have questions, ask them in the comments below and I’ll try to answer them. If you have comments or resources, please share them below as well. This is a massive problem that is affecting millions of people. Please share whatever insights you have. If this post has helped you, please forward it to your South Carolinian friends and family.
UPDATE10/30:If your children are listed on your tax returns, they should be covered by protectmyid.com. I spoke with the SCDOR, and they assured me that minors are protected under their parents plans.
- South Carolina hit with huge data breach (upi.com)
- South Carolina reveals massive data breach of Social Security Numbers, credit cards (pcadvisor.co.uk)
- Hackers breached SC Department of Revenue and steal 3.6M SSNs, credit card data (ehackingnews.com)
- Hackers break into South Carolina gov’t database, release 3.6 million SSNs (digitaltrends.com)
- South Carolina taxpayer server hacked, Social Security data breached (wtvr.com)
- Millions of social security numbers stolen from SC agency (ireport.cnn.com)
- Personal data for 3.6M South Carolina tax payers stolen in hack (venturebeat.com)
- Millions of SSNs lifted from South Carolina data base (oddonion.com)