Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

South Carolina Department of Revenue Hacked, 3.6 Million SSNs Taken

Soulskill posted about 2 years ago | from the boy-are-their-faces-red dept.

Government 112

New submitter Escape From NY writes "3.6 million Social Security numbers and 387,000 credit and debit card numbers were stolen from the SC Department of Revenue. Most of the credit and debit card numbers were encrypted — all but about 16,000. There were several different attacks, all of which originated outside the country. The first they're aware of happened on August 27, and four more happened in September. Officials first learned of the breach on October 10, and the security holes were closed on October 20. This is still a developing story, but anyone who filed a SC state tax return since 1998 my be at risk. Governor Nikki Haley today signed an executive order (PDF) to beef up the state's IT security."

Sorry! There are no comments related to the filter you selected.

Love their response (2, Informative)

Anonymous Coward | about 2 years ago | (#41782145)

No worries, every single citizen of South Carolina--just call this skeevy company that offered us free credit protection and give THEM your personal info too.

And also, the phone lines are busy. And the website doesn't actually work. And the offer is just a scam to try to try to get you on the hook for their "upgraded" service, which you'll never be able to cancel.

Sorry, you didn't expect the state to actually PAY to fix this mess did you?

Also, the Governor forgot to mention that one of her first acts in office was to order her agencies to cut their IT staff as much as possible (in hopes of creating a statewide Department of Administration that would answer only to her). What could possibly go wrong, huh?

Re:Love their response (2, Funny)

Anonymous Coward | about 2 years ago | (#41782187)

That's OK. Security's fixed now; the governor signed an executive order that made it so.

Re:Love their response (1)

Anonymous Coward | about 2 years ago | (#41782281)

With the GOVERNATOR, the criminal would already be dead ;)

I'll be back!

Re:Love their response (1)

jhoegl (638955) | about 2 years ago | (#41784333)

I dont see South Carolina reversing anything since they dont believe in Evolution they can never evolve.

Re:Love their response (0)

Anonymous Coward | about 2 years ago | (#41786795)

So you're anti-science. Nice of you to admit your bias.

Evolution doesn't require understanding of itself to work. Obviously if it did, we wouldn't be here because we are the first and only species that understands it. You are simply wrong with your anti-science rant.

why bother (3, Insightful)

Rivalz (1431453) | about 2 years ago | (#41782163)

obviously there is no repercussions to the vendors, administration and IT staff.

Re:why bother (0)

Anonymous Coward | about 2 years ago | (#41782717)

why bother

obviously there is no repercussions to the vendors, administration and IT staff.

You mean the department that typically identifies these issues, but aren't given the budget and permission to make the required changes to stop something like that? Yea, they must be the only ones to blame...

Re:why bother (0)

Anonymous Coward | about 2 years ago | (#41782777)

What would you propose? Fire the whole staff? Fire the person that wrote the code?

Would you rather the citizens pay 10% more in taxes so the projects could have originally been outsourced to a vendor and then point the finger there instead?

What if the vendor or employee is long gone, must there be vindication that someone on staff suffers?

When will people realize that government workers are your neighbors and make mistakes too. You can't recruit great talent when people scream that our benefits are too good and their taxes that pay salaries are too high.

Signed, AC, your local county government programmer.

Re:why bother (0)

Anonymous Coward | about 2 years ago | (#41783173)

This is exactly what I was thinking. The holes that were present in the system have been there probably for a very long time. Most (not all) government specific IT software is made by 3rd party vendors and rarely maintained past delivery. These systems are proprietary to the needs of the government at the time the contract is written. Once the contract is completed there needs to be follow on contracts to maintain, upgrade, and patch.

Maybe someone would like to make the obvious analogy to how roads are maintained, upgraded, and patched...

Re:why bother (0)

Anonymous Coward | about 2 years ago | (#41783971)

How about the same rules for me at a private company who makes less and has less benefits? A fine for the company, possible other legal reprocussions, paying for credit monitoring for everyone affected for 2 years, and stories so bad that my company would probably have to go out of business.

Instead you have, higher pay, better benefits, no reprocussions, no fines, no paying for credit monitoring, and on top of that you will get budget increases and more pay in order to fix what you shouldn't have done wrong in the first place.

You see from these two examples. One encourages getting things right, the other encourages getting things wrong. So yes, fire everyone involved.

Re:why bother (0)

Anonymous Coward | about 2 years ago | (#41783039)

Keep in mind this is the governor who tried to fix an image problem by forcing every state employee to answer the phone "It's a great day in South Carolina." First time I did this I just about responded "Are you fucking kidding me, you actually have to say that?"

Imagine if the police department answers that way for a crime report call.

First SC woman governor, first SC Indian-American governor, two firsts for a state known for the legacy of Strom Thurmond and the Dixiecrats.

Too bad she is known for questionable accounting and reporting of income, failure to file taxes on time (she was a CPA and CFO IIRC, she should know better). Either told one agency (ethics board) she made $150K working for a hospital and didn't tell the SC Dept of Revenue or vice versa. She was also known for deleting emails to cover tracks, was told not to, and continued to do so. Last little snafu was how she directed that her daughter be given a job in the statehouse gift shop without advertising the position as required.

Kinda makes you long for the days of Mark Sanford before he left office. He just screwed around with his Argentinian mistress and lied about hiking the Appalachian trail to cover it up. Too bad as he had the cojones to bring squealing crapping pigs into the statehouse to protest pork barrel spending by the legislature.

Re:why bother (1)

AmiMoJo (196126) | about 2 years ago | (#41787857)

You assume they are at fault, but it is possible a zero-day vulnerability was used and there was absolutely nothing they could reasonably have done.

Disclaimer: I didn't read TFA.

3.6 million submarines?? (-1)

Anonymous Coward | about 2 years ago | (#41782169)

3.6 million fast attack submarines stolen? That's a lot of submarines.
http://www.navy.mil/navydata/cno/n87/today/ssn.html
http://en.wikipedia.org/wiki/SSN_(hull_classification_symbol)

Re:3.6 million submarines?? (2, Funny)

Anonymous Coward | about 2 years ago | (#41782835)

Uh, for those who missed it, "SSN" is the Navy term for a nuclear submarine.

(SSN = "ship, submersible, nuclear")

So the headline saying "3.6 million SSNs taken" is a bit disconcerting, if you're reading the wrong acronyms.

Re:3.6 million submarines?? (1)

K. S. Kyosuke (729550) | about 2 years ago | (#41782849)

Haha, that was my first thought as well. :-) Where would they put them? That would be one heck of a naval port. Also, it would solve the energy problem - just plug their power plants into the grid and voila, and any potential energy crisis would be instantly prevented!

So when is someone going to swing? (4, Insightful)

Tastecicles (1153671) | about 2 years ago | (#41782177)

This is yet another fine example of Government security doing its usual - leaking like a sieve, in clear violation of Statutory data security requirements. I'll make a prediction right here: some anonymous H1B or lowly DEC will catch it and be fired, notwithstanding the fact that the buck should stop not there, but at the feet of the DCM or the Executive who will continue to collect seven digit salaries.

Re:So when is someone going to swing? (4, Insightful)

penix1 (722987) | about 2 years ago | (#41782617)

I'll play devil's advocate here...

The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.

Two things come to mind...

Be careful what you wish for. You just may get it!
and
You get what you pay for.

Re:So when is someone going to swing? (4, Insightful)

Obfuscant (592200) | about 2 years ago | (#41782731)

The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them.

Sorry, mate, but I'm one of the ones who says "less government", and I also say "stop doing things for me that I can do better myself." Trying to paint all people who call for less government with the same brush as those who feel the government should be a nanny state is a mistake, and leads to a sloppy and fatally flawed argument.

Re:So when is someone going to swing? (1, Insightful)

penix1 (722987) | about 2 years ago | (#41782839)

So when the crime rate goes up because of your less government you will remain silent right? When your house burns down because they closed the fire department that was closest to you you won't complain right? When the hurricane hits the east coast next week you won't have a single comment on how the government handles the response right?

Right....

Re:So when is someone going to swing? (4, Insightful)

Obfuscant (592200) | about 2 years ago | (#41783005)

So when the crime rate goes up because of your less government you will remain silent right?

Unfortunately for your rant, the things you want to claim I've been calling for less of aren't. You don't know, so please stop making a fool of yourself.

When the hurricane hits the east coast next week you won't have a single comment on how the government handles the response right?

Yes, I will. I will say "those idiots who build houses on a coast that both erodes on a regular basis and is innundated by storms should not get taxpayer support in rebuilding. They chose to live there despite the dangers, they should assume the risk.

Re:So when is someone going to swing? (1)

AmiMoJo (196126) | about 2 years ago | (#41787869)

Did you ever consider that they might not have had a choice? Perhaps they were born in that area, got a job there and needed to live within commuting distance. Couldn't just up-sticks and move inland.

I think most people would prefer not to have to be building engineering and geological experts and instead just have the government figure out what is safe and set some rules for building houses.

Re:So when is someone going to swing? (3, Insightful)

lgw (121541) | about 2 years ago | (#41783043)

So when the crime rate goes up because of your less government you will remain silent right? When your house burns down because they closed the fire department that was closest to you you won't complain right?

Texas has no income tax yet has fire departments, police departments, schools, roads, and so on. California has the highest income tax, yet far crappier roads (seriously, the don't even light the freeways in town, and they're full of potholes), though the schools might be better (that tends to vary more between neighborhoods than between states, though).

Here's a clue: the "infrastructure" part of government only takes a very small government to do. Mostly, government takes your money to give it to supporters

When the hurricane hits the east coast next week you won't have a single comment on how the government handles the response right?

Florida has no income tax, and had great government support when 4 hurricanes hit that one year (I was living there at the time). They even had a Republican governer that stood up against insurance companies and forced the to continue offering insurance that covered hurricane damage.

You don't need a government that vacuums all possible cash form its citizens to do the good stuff government does - you only need that only to hand over vast sums of money to governments friends.

Re:So when is someone going to swing? (2)

penix1 (722987) | about 2 years ago | (#41783239)

Florida has no income tax, and had great government support when 4 hurricanes hit that one year (I was living there at the time). They even had a Republican governer that stood up against insurance companies and forced the to continue offering insurance that covered hurricane damage.

I couldn't let this one slide since I was in FEMA during that time...

Florida gets far, far, far more federal dollars than it contributes especially in disaster response. Hell, there are still about 2,500 federal employees still deployed there for those hurricanes. Just because the Florida governor can push the cost of the disaster to the federal government instead of passing it off to you directly doesn't mean we all aren't still paying for it.

Re:So when is someone going to swing? (1)

lgw (121541) | about 2 years ago | (#41783415)

And collective that's a trivial part of the federal government. The "non-military, non-mailing-checks-to-supporters" part of the federal goverment -pretty much everything all active, non-military federal employees do, is about 20% of the federal budget. Probably couldn't make that work with no income tax, but it's still cheap. The federal government is a pension plan with a military -the actual productive work it does is almost an afterthought, budget-wise.

Re:So when is someone going to swing? (1)

Obfuscant (592200) | about 2 years ago | (#41785429)

Florida gets far, far, far more federal dollars than it contributes especially in disaster response.

So? You seem to think that anyone who wants smaller government must accept no federal money under any circumstances. You can have a smaller government and still have federal aid in times of disaster. Maybe not aid to people who build in known-hazard areas, but when a hurricane rips all the way across a state, not everyone is in a known-hazard area. Or when the levies break. People who build right on the shore, and build on stilts because they know floods happen on a regular basis, however, are a different sort.

It seems this is not an unusual twist to how things should work. Biden seemed to make quite a point of it in his debate with Paul, pointing out that Paul had written letters supporting his consitutuents' access to federal handouts. Why shouldn't he? If the Democrats are going to freely hand out billions of taxpayer dollars, why shouldn't the taxpayers in Paul's district get their share -- no matter how Paul voted on the handouts?

Re:So when is someone going to swing? (2)

KingMotley (944240) | about 2 years ago | (#41783305)

You are totally right penix1!

Instead of reducing government waste, we should actually increase it. Just think! Almost no crime, or fires if we had 10x the government we do now. And in order to pay for it, instead of them taking 18% of you paycheck, they will only have to take 180% of it! What a utopia that would be!

Re:So when is someone going to swing? (0)

Anonymous Coward | about 2 years ago | (#41782879)

Agreed. I never see anyone calling for less government expecting the government to do everything for them. We want the government out of our lives. Not omnipresent. An ideal government should not be involved in your day-to-day life beyond the extent of providing the most base of functions such as police, fire, streets and sanitation (things that are otherwise entirely impractical or lacking legal standing for private enterprise to provide).

Re:So when is someone going to swing? (0)

pixelpusher220 (529617) | about 2 years ago | (#41782939)

I never see anyone calling for less government expecting the government to do everything for them.

Perhaps you missed Eric Cantor asking for Federal Disaster assistance after the east coast earthquake?

Or the fact that SC receives FAR more money from the Feds than they contribute...

Or perhaps the ever hilarious Tea Party signs "Keep your government hands off my Medicare"

Re:So when is someone going to swing? (1)

pixelpusher220 (529617) | about 2 years ago | (#41785197)

Truth Troll at your service

Re:So when is someone going to swing? (4, Interesting)

Havokmon (89874) | about 2 years ago | (#41782841)

I'll play devil's advocate here...

The true fault lies with the lazy citizens. They demand every government agency put their stuff online so they don't have to get off their fat asses and actually do something in person. The fault lies in the citizens always screaming "no taxes to pay for the services I demand". The fault lies with the citizens screaming for "less government" yet expecting government to do everything for them. The fault lies with the citizens who demand lowest bids be accepted for contracts allowing inferior products and services.

Two things come to mind...

Be careful what you wish for. You just may get it! and You get what you pay for.

Nope. SC is accepting credit cards. They are under the same requirements (PCI) as all other MERCHANTS who wish to accept credit card payments. They weren't PCI compliant (I'll go out on a limb and 'guess' that's the case), and they got hacked.

They need pay the fine to Visa. That'll be interesting to see how that happens.

I walked out of a company, where I built the IT and PCI Compliance, because exactly what the parent says will happen - does happen. I just got out before the morons in charge let us get hacked and I got fired for their idiocy. I can only imagine what happened to the IT guys at CardSystems.

Re:So when is someone going to swing? (1)

penix1 (722987) | about 2 years ago | (#41782913)

Nope. SC is accepting credit cards.

Because their citizens demanded it.

Re:So when is someone going to swing? (0)

Anonymous Coward | about 2 years ago | (#41786113)

Funny: Its awfully often that the persons who are accused of "wanting everything easy" are the only ones paying the utimate prize: Loosing money as well as their identities. just because a "trustworthy" organisation tries to cut corners because the end-effect does not realy concern them -- hey, its not any skin of their back, now is it ?

Re:So when is someone going to swing? (1)

Vellmont (569020) | about 2 years ago | (#41782995)


This is yet another fine example of Government security doing its usual - leaking like a sieve, in clear violation of Statutory data security requirements. I

Have you SERIOUSLY not paid any attention to the massive, massive amount of data security breaches that have occurred over the last 10+ years? MOST of them are from private industry. How many times did Sony get 0wn3d in 2011.. like 10?

The problem really has nothing to do with "Government security doing its usual", it's a problem across the board. Your reply is complete and utter bullshit for singing out the Government for having shitty security. That's a problem for the entire industry.

Re:So when is someone going to swing? (1)

Tastecicles (1153671) | about 2 years ago | (#41783221)

um...yes [independent.co.uk] , actually [guardian.co.uk] I have [bbc.co.uk] . Those were just a few out of my bookmarks. OK, some of them were subcontractors to Government departments, but there are more than an insignificant number of breaches there that were quietly swept under the carpet that were entirely down to Government agents being either totally stupid or deliberately making sure that that data got out. Who knows how many breaches of remarkable severity go unreported?

The horses have run (3, Funny)

starfishsystems (834319) | about 2 years ago | (#41782179)

The horses have run. Hurry up and close that barn door!

breached on October 10 (1)

Anonymous Coward | about 2 years ago | (#41782277)

The first they're aware of happened on August 27, and four more happened in September [...] breached on October 10, and the security holes were closed on October 20.

What's wrong with this picture?

Re:breached on October 10 (1)

pixelpusher220 (529617) | about 2 years ago | (#41782967)

If you're implying they learned of the attacks on 8/27 and didn't act until 10/20, you're not reading that correctly...

Re:The horses have run (1)

dmdavis (949140) | about 2 years ago | (#41782667)

Obviously for those 16,000, closing the leak doesn't do much good. But, assuming more than 16,000 people live in South Carolina :), there are certainly some horses still in the barn to be protected.

Re:The horses have run (1)

Anonymous Coward | about 2 years ago | (#41782829)

Forget the credit and debit card numbers. TFA "none of the Social Security numbers were encrypted". Amusing the summary cherry picked the most useless info.

TWO MONTHS to close the security hole? (0)

Anonymous Coward | about 2 years ago | (#41782215)

Can we fire the government?

Re:TWO MONTHS to close the security hole? (2)

Andy Prough (2730467) | about 2 years ago | (#41782327)

Can we fire the government?

Apparently early voting has already started if you want to fire the current group. Not that that will make a big differenced for this kind of activity.

Re:TWO MONTHS to close the security hole? (1)

tombeard (126886) | about 2 years ago | (#41783197)

No early voting in SC. Might cause an increase in Democratic votes.

Re:TWO MONTHS to close the security hole? (1)

fustakrakich (1673220) | about 2 years ago | (#41782347)

Yes, you can

Re:TWO MONTHS to close the security hole? (1)

AwesomeMcgee (2437070) | about 2 years ago | (#41782929)

Show's what you know.

Re:TWO MONTHS to close the security hole? (0)

couchslug (175151) | about 2 years ago | (#41783307)

"Can we fire the government?"

Not in SC, which is run by crony rustic dumbfuck white trash Scary Republican Base/Christian Taliban and their sock puppet/token brown person Nicky Haley.

The alternative, exemplified by Congressman Clyburn, is even worse.

The only consolation is most people here deserve it.

Re:TWO MONTHS to close the security hole? (1)

pixelpusher220 (529617) | about 2 years ago | (#41783383)

Not 2 months to fix a hole. Read that again.

Icing on the cake (0)

Sparticus789 (2625955) | about 2 years ago | (#41782231)

In other news, Cybersecurity consultants have seen a 18% increase in their hourly rates in the South Carolina area.

Re:Icing on the cake (1)

PolygamousRanchKid (1290638) | about 2 years ago | (#41782319)

Cybersecurity consultants

Who do think broke in in the first place . . . ? It's called market making . . .

"Only" 16,000 credit/debit numbers at risk (4, Insightful)

Andy Prough (2730467) | about 2 years ago | (#41782287)

Well - that's reassuring! So, "only" 16,000 people potentially have their life savings at risk, or are about to have their lives turned upside down? Sure is convenient that government agencies have immunity from civil liability...

Re:"Only" 16,000 credit/debit numbers at risk (1)

Tastecicles (1153671) | about 2 years ago | (#41782381)

oh, they have that in the US as well? Here it's covered by section 71 of the Serious Organised Crime and Police Act 2005, where blanket immunity is given for any public agency which turns evidence in *any* *other* *proceeding*.

Re:"Only" 16,000 credit/debit numbers at risk (1)

Tastecicles (1153671) | about 2 years ago | (#41782421)

addendum: what I don't get is this: they broke the Law, why should they get to hide behind it?

Re:"Only" 16,000 credit/debit numbers at risk (1)

Obfuscant (592200) | about 2 years ago | (#41782691)

addendum: what I don't get is this: they broke the Law,

Which law? Is there a law that says government agencies must encrypt certain information when they store it? Is there one that makes the government the criminal when a real criminal breaks in and steals data?

Re:"Only" 16,000 credit/debit numbers at risk (2)

Tastecicles (1153671) | about 2 years ago | (#41783057)

In answer to your first question: Data Protection Act 1998. In answer to your second question: the same Act, under the heading "Offences by Bodies Corporate", which includes actionable negligence.

Re:"Only" 16,000 credit/debit numbers at risk (1)

Obfuscant (592200) | about 2 years ago | (#41785365)

In answer to your first question: Data Protection Act 1998.

Nice try. Last time I checked, South Carolina wasn't in the UK, so the UK Data Protection Act of 1998 wouldn't apply. I think the odd spelling of "Offences" might have been a give-away. We'd have called it "Offenses".

Re:"Only" 16,000 credit/debit numbers at risk (0)

Anonymous Coward | about 2 years ago | (#41782467)

Why do they even need credit card numbers to process tax returns? I am not American, so maybe I'm missing something in how you handle things, but seriously, why?

Re:"Only" 16,000 credit/debit numbers at risk (1)

RobertLTux (260313) | about 2 years ago | (#41782539)

some folks may decide to pay the tax bill on a CC and or they used it to pay for the tax prep (plus they may also have actual bank account numbers for DD of a refund).

Re:"Only" 16,000 credit/debit numbers at risk (1)

Fnord666 (889225) | about 2 years ago | (#41782797)

some folks may decide to pay the tax bill on a CC and or they used it to pay for the tax prep (plus they may also have actual bank account numbers for DD of a refund).

Don't forget people who may have elected a direct deposit of any tax refund. They may have had their bank account details compromised as well.

Re:"Only" 16,000 credit/debit numbers at risk (1)

LateArthurDent (1403947) | about 2 years ago | (#41782551)

Why do they even need credit card numbers to process tax returns? I am not American, so maybe I'm missing something in how you handle things, but seriously, why?

They don't need them, and I've never given them mine. You may, however, elect to pay your taxes with a credit card.

Re:"Only" 16,000 credit/debit numbers at risk (0)

Anonymous Coward | about 2 years ago | (#41783523)

In my world, paying bills with a card is stupid, but I am of course not an American, so what do I know. The common way to pay bills here is by a transfer from a bank account to the company's "giro"-account, which is essentially a special kind of bank accounts made to only receive money from anyone by use of a simple account number for the receiving account. Works well, and you have no reason to give them any information.

Also, you may not transfer credit card information without a PCI compliant system, and you are not allowed to store them long term. And CVV-codes can not be stored at all. And of course, most cards require 3D-secure additional verification for any online use. Credit card fraud around here pretty much requires access to the original card to clone the magstrip, and then visiting a far away country to use the clones, because all ATMs and stores here verify the chip on the card.

Re:"Only" 16,000 credit/debit numbers at risk (0)

Anonymous Coward | about 2 years ago | (#41782507)

I wonder where the decryption key to the rest of the numbers where stored ...

Re:"Only" 16,000 credit/debit numbers at risk (1)

Obfuscant (592200) | about 2 years ago | (#41782651)

Well - that's reassuring! So, "only" 16,000 people potentially have their life savings at risk,

Uhhh, what? None of the data was encrypted, according to the actual article. Why the summary says most of it was is a mystery. So all of the millions have their credit/debit info exposed.

Why you are claiming they have their "life savings" at risk, I don't know that, either. A public statement of this kind pretty much puts the credit card companies on notice that their reports of fraud are going to go up, and you don't lose your life savings just because someone steals your credit card data.

Similarly, your debit account is also protected with appropriate notice -- you lose access to the money until the problem is resolved. If you keep your "life savings" in your debit account, you're asking for trouble.

Re:"Only" 16,000 credit/debit numbers at risk (1)

Obfuscant (592200) | about 2 years ago | (#41782767)

Oops, none of the SSN were encrypted. All but 16,000 cc/debit were. My bad. Rest of points stand.

You are wrong about the type of risk (1)

Andy Prough (2730467) | about 2 years ago | (#41786091)

The bigger risk is from identity thieves, once they have your personal data, SS#, and account #. New York Times reported on a $66,000 "life savings" loss of an 81-year-old woman just one month ago: http://www.nytimes.com/2012/09/12/business/retirementspecial/old-trusting-and-prime-prey-for-swindlers.html?pagewanted=all&_r=0 [nytimes.com]

Re:"Only" 16,000 credit/debit numbers at risk (0)

Anonymous Coward | about 2 years ago | (#41783165)

Not that I think 16,000 credit card numbers being leaked is a good thing by any means, but the word "only" doesn't need to be in quotes...many more credit card numbers than that are out on the internet for purchase or for free and more are added every single day. South Carolina needs to figure out who was affected, let them know (ASAP) and those people simply need to cancel those cards.

Credit card numbers are basically disposable now-adays, too many ways for them to get stolen.

South Carolina (1)

Spy Handler (822350) | about 2 years ago | (#41782369)

First in Flight, last in computer interwebs

Re:South Carolina (3, Interesting)

0racle (667029) | about 2 years ago | (#41782437)

South Carolina - First in Flight, last in computer interwebs

Ah the wonders of the American Education System

Re:South Carolina (1)

Nyder (754090) | about 2 years ago | (#41783887)

South Carolina - First in Flight, last in computer interwebs

Ah the wonders of the American Education System

Oh, the system we don't put money in?

Re:South Carolina (1)

Obfuscant (592200) | about 2 years ago | (#41785385)

Oh, the system we don't put money in?

No, the system we keep throwing money at as if simply throwing money at the system would fix it.

You can hire a thousand teachers so the class sizes are all less than one student per teacher, and as long as the teachers are hamstrung by federal requirements (and local requirements implemented to deal with federal and state requirements), you'll not get good results.

Re:South Carolina (1)

lightknight (213164) | about 2 years ago | (#41786633)

Wait, are you serious? Last I checked, most teachers were earning well over the US median wage, with a few of them earning much more than that. Only a handful are earning anything near a below standard salary -> we've heard it in the press, how they're earning $10-30,000 more than the median wage of the people of their surrounding community.

On top of that, I don't know of a teacher alive who wouldn't testify against the corruption of the administrators / supervisors of their school districts. Not one.

You see, there is a lot, and I mean a lot, of money flowing into the school system; that it is not getting to where it is intended is a different matter from whether there is enough flowing into it. And yes, hypothetically speaking, if we increase the amount going in by 10%, the teachers at the bottom might see a 0.01% increase in their pay-checks, but it would be an insult to the common gentlemen's intelligence to pursue this course.

Re:South Carolina (0)

Anonymous Coward | about 2 years ago | (#41782451)

NC is first in flight.

Re:South Carolina (0)

Anonymous Coward | about 2 years ago | (#41782491)

Except everything was developed and engineered in Ohio. NC was just where they tested it.

Re:South Carolina (0)

Pete Venkman (1659965) | about 2 years ago | (#41782581)

Except the plane fucking flew first in NC. Fuck yourself you fucking fuck.

Re:South Carolina (1)

SleazyRidr (1563649) | about 2 years ago | (#41782657)

I'm sure if you tried you could squeeze "fuck" in there a few more times.

Re:South Carolina (1)

Pete Venkman (1659965) | about 2 years ago | (#41782757)

I don't know what came over me.

Re:South Carolina (1)

LateArthurDent (1403947) | about 2 years ago | (#41783247)

I'm sure if you tried you could squeeze "fuck" in there a few more times.

Hell, it's not even challenging. He could have gone, "Except the fucking plane fucking flew first in fucking North fucking Carolina. Fuck yourself you fucking fuck. Fuck!"

Re:South Carolina (0)

Anonymous Coward | about 2 years ago | (#41783295)

But can you say meow 10 times...?

Re:South Carolina (1)

JimBobJoe (2758) | about 2 years ago | (#41785677)

Dayton was at its time a mini-Silicon Valley: a hotspot for innovation, bringing us people like the Wrights, Charles Kettering and John Patterson.

North Carolina is just windy.

Re:South Carolina (0)

Anonymous Coward | about 2 years ago | (#41782489)

First in Flight, last in computer interwebs

Not actually first in flight either.

Re:South Carolina (0)

Anonymous Coward | about 2 years ago | (#41782557)

MOD PARENT FUNNY!

Re:Spy Handler (1)

Sparticus789 (2625955) | about 2 years ago | (#41782583)

First to run his mouth, last in 20th century American History

Re:South Carolina (2)

crazyjj (2598719) | about 2 years ago | (#41783089)

NC was first in flight.

SC was first in fight.

Re:South Carolina (1)

tombeard (126886) | about 2 years ago | (#41783293)

"First in Flight" is a bit north of here. Try "Smiling Faces. Beautiful Places."

not surprise (1)

webmastir (1383817) | about 2 years ago | (#41782457)

As a state government IT worker, I can guarantee they aren't the only ones at risk. It's sad but just the way it is.

Re:not surprise (0)

Anonymous Coward | about 2 years ago | (#41782599)

Wlel then perhaps, if you know for a fact that people are at risk, its...I dunno.... your duty to blow the whistle?

You know... might be better that a few admins and higher ups get a ration of shit than... 10s of thousands of people have their personal data placed gingerly in the hands of criminals?

Just a thought.

Does people in South Carolina actually have SSN? (-1)

Anonymous Coward | about 2 years ago | (#41782475)

moving on

"my be at risk" (0)

Anonymous Coward | about 2 years ago | (#41782521)

Proofread.

Credit monitoring (0)

Anonymous Coward | about 2 years ago | (#41782555)

FTFA: "The state will provide those affected with one year of credit monitoring and identify-theft protection, officials said." So I guess the hackers wouldn't keep the data more than 1 year?

COBOL on IBM-360 emulation (1)

peter303 (12292) | about 2 years ago | (#41782747)

I heard our state still runs its unemployment system this way. I would think something like that would be practically self-encrypting.

Re:COBOL on IBM-360 emulation (1)

MBGMorden (803437) | about 2 years ago | (#41784433)

Don't know about the state, but the county level agencies still run a ton of OS/400 stuff written in COBOL. Suggestions to replace the aging codebase with something newer are quickly reigned in when they hear about the cost involved.

Why are SSNs secret? (2)

bigwheel (2238516) | about 2 years ago | (#41783083)

A social security number is just a hash code to numerically identify a person. Kind of like a full name, except a little more precise. It was my student ID for both undergrad and grad school. It has since turned int a closely guarded secret, although it is included on the paperwork of pretty much anything you sign. There's got to be a better way.

Re:Why are SSNs secret? (0)

Anonymous Coward | about 2 years ago | (#41783619)

At some point morons started using SSNs as passwords instead of user IDs and from then on we've been stuck in this idiotic situation where knowing someone's SSN is sufficient to impersonate them to their bank, yet you're expected to divulge your SSN to anyone who wants to evaluate you as a credit risk.

Re:Why are SSNs secret? (0)

Anonymous Coward | about 2 years ago | (#41783701)

In Sweden we all have personal numbers assigned to us at birth. Based on birthdate with three extra digits and a checksum digit tacked on for ten digits that uniquely identify you (a plus sign is added if you are older than 100 years, all though some banks use the full four digit year instead).

And these numbers are completely public. Online searchable databases of every individual over the age of 16 are plentiful, and if you require more info you just call the tax agency and they will tell anything.

Shopping online? Just enter the number at checkout and the webshop fetches your full name and address for your convenience. Just klick checkout and you will get an invoice in the package for paying later.

Getting a package at the post office? They just scan the barcode on your ID or drivers license to get the number, and check that your face matches the picture. No need to sign.

The public use of these numbers rather prevent identity theft. It works.

Re:Why are SSNs secret? (1)

JimBobJoe (2758) | about 2 years ago | (#41785647)

I think the Swedish experience is that its national ID number doesn't do anything all that significant (none of the purposes you noted here would be severely inconvenienced or affected if you just used another number.)

In short, stealing someone's Swedish number doesn't achieve much.

The US uses the SSN as a gateway to the person's financial history.

Re:Why are SSNs secret? (1)

icebraining (1313345) | about 2 years ago | (#41784009)

The SSN system is stupid, but the CC system isn't any better.

You have to give a single set of numbers to a merchant (or other) and hope that not a single one fucks up, or you have to cancel the whole card and all the stuff (e.g. recurring payments) associated with it. It's fucking braindead, especially nowadays.

Here we like to complain about our banks, but at least we have decent payment system where the payer and not the payee initiates the transaction, as it should. Not to mention free virtual CCs for when we have to interact with foreign merchants.

Re:Why are SSNs secret? (0)

Anonymous Coward | about 2 years ago | (#41786829)

Controlled Payment Numbers solve 95% of those issues, and they can be obtained from Bank of America, CitiBank, and (I believe) Discover.

I've been using ShopSafe ever since it was a feature of my MBNA Visa.

Get a credit freeze (2)

gumpish (682245) | about 2 years ago | (#41783245)

Credit freeze [wikipedia.org]

"A credit freeze, also known as a credit report freeze, a credit report lock down, a credit lock down, a credit lock or a security freeze, allows an individual to control how a U.S. consumer reporting agency (also known as credit bureau: Equifax, Experian, TransUnion) is able to sell his or her data. The credit freeze locks the data at the consumer reporting agency until an individual gives permission for the release of the data."

You have to pay each of these companies $10 for the privilege, but it's worth it.

Of course, any time you need to do something that requires a credit check (take out a loan, apply to lease an apartment, apply for a job (sometimes)...), you'll have to temporarily lift the freeze, which is another fee.

Re:Get a credit freeze (1)

Chickan (1070300) | about 2 years ago | (#41783357)

Thanks. I moved to SC for a job (they exist here) and will need to look into this. Its crazy you have to individually call all three credit bureaus though, seems like a good way to waste a few hours.

Re:Get a credit freeze (1)

gumpish (682245) | about 2 years ago | (#41783483)

Actually they all have web forms available:

Experian [experian.com]

Equifax [equifax.com]

TransUnion [transunion.com]

So that's where that account came from... (1)

HeathenSkwerl (2039726) | about 2 years ago | (#41783399)

Count me as someone who got directly affected by this. Some jackass opened a fraudulent PayPal Mastercard in my name last month and promptly maxed it out. I had no idea how they could have gotten my information as I'm fairly careful with it and I didn't know of anyone I did business with that had been hacked. Now I find out a month later after the damage has been done that they almost certainly got my information from SC. They have all of my current data as I had to give it to them when I moved to my current address. No proof, of course, but the timeframe matches up perfectly. Thanks, SC, for still screwing me over with crappy service even AFTER I leave. -Skwerl

signed an executive order (0)

Anonymous Coward | about 2 years ago | (#41785227)

yea, its a bit late, you useless twat

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?