What we think we know about protectmyid/scdor 2
Update November 2, 2012
The South Carolina department of Revenue has issued a PDF document that summarizes the events surrounding the recent security breach and their recommended actions. Click here to view the document.
There is also a new web page that provides information about the incident including information for businesses exposed to the security breach.
We have had two press conferences and we still don’t know the extent of the damage. We know that only expired credit cards were stolen, so no problems there. But no one has publicly indicated whether we should be concerned about the checking and savings accounts that are attached to tax returns for the purpose of direct depositing tax refunds or paying balances due. Clients are asking if they should start closing their bank accounts to prevent problems. Right now we just don’t have an answer to that question.
The press conference has ended and it looks like we still don’t know very much.
News organizations have begun putting up stories.
Here are some that seem relevant
2. The Post and Courier in Charleston
4. WIS Television in Columbia “Credit protection is retroactive”
5. The State Newspaper in Columbia “Data Breach about the worst you can get”
6. Silobreaker a national/international news aggregation website collects some stories
8. WMBF in Myrtle Beach/Florence “How the SCDOR website breach affects your family”
9. WYFF4/NBC news in Greenville “How to Protect Your Children in the SCDOR Security Breach”
10. The New York Times finally gets in on the story
We will continue searching for relevant stories and add to the list as we find them.
The national news media has been eerily silent about the South Carolina data breach. I guess they are all busy reporting on the “FrankenStorm” aka Hurricane Sandy. Both the storm and the story have just about run their course, so hopefully the majors will begin to weigh in on the South Carolina story.
During the press conference on Tuesday morning State government officials indicated that only 5000 credit card numbers were taken and all 5000 were expired. So no active credit cards were taken. No mention of checking or savings accounts which were linked to tax returns for the purpose of direct deposit of tax refunds or balance due payments.
Video information on ProtectmyId