The New York Times finally has an “article” on the South Carolina Department of Revenue cyber hacking scandal. And I use the word article loosely, as this piece seems to be mostly a rehash of the two week old story but it is at least a start. (Links to older stories here)
If you detect a bit of frustration in my writing it is because I think this story deserves more coverage than it has received. I don’t believe we are going to ever find out what really happened until someone applies some significant resources in this effort. Granted there was an election and a major storm to cover but the majors have been almost completely silent on this story until now. It always seems they are quick to work any story that plays into the stereotype of southerners as backwards, Dukes of Hazards, Deliverance types. But this story affects everyone. If they can breach the tax records in South Carolina, they can breach the tax records anywhere. Its time we started getting some answers.
Come on national media , get off your humps and get to work on this story.
The state of South Carolina recently announced that businesses that have filed tax returns since 1998 are also at risk due to the recent security breach at the Department of Revenue.
Consequently, starting Friday Nov. 2nd, Dun & Bradstreet Credibility Corp. will offer
South Carolina businesses who have filed a tax return since 1998 a
complimentary CreditAlert™product which will alert businesses to
changes to their D&B® scores and ratings.
Please understand that these are the instructions on the South Carolina Department of Revenue website and we are posting this information solely as a courtesy to our friends and clients. Tax On Wheels, LLC does not recommend or endorse any credit reporting service. We continue to urge everyone to take a step back and make sure you understand the ramifications of using this or any credit reporting service. Then and only then should you determine if using a credit reporting service is the proper course of action for your business or personal information.
The state newspaper in Columbia has the story about business now being exposed to the data breach at the South Carolina Department of Revenue. Click here to go to the story on the The State Newspaper website.
ProtectMyID is a free service that is paid for by the State of South Carolina. Do not give anyone your credit card number for anything related to the data breach at the Department of Revenue.
We have helped many people here over the past few days, mostly with directions on how to get to the right place. We notice that there seem to be quite a few elderly people having difficulty trying to navigate this process. It sounds like this is the first time many of them have turned on the computer since the grand kids came to visit this summer. This could be a recipe for disaster. What we may find is that the cure may be worse than the disease. In the rush to do something in panic we may create more identity theft incidents than the original data breach.
Case in point, one elderly couple who called us seemed quite adept at following our instructions to get them to the correct web site. We directed them to our website so that they could click thru to the proper www.protectmyid.com/scdor website. But no matter how many times they did it correctly, the ended up on a website that wanted them to pay $15 using their credit card. My guess is that they have some sort of virus on their computer that hijacks their web traffic to pirate sites.
This could get ugly.
We are updating What we think we know about protectmyid/scdor 2 here with the little we have been able to find out so far. But I want this topic to be at the top of the blog list for anyone who needs to get up to speed quickly.
The State Newspaper in Columbia has published an article that doesn’t mince words.
A common theme that seems to recur in the questions that we are fielding at Tax On Wheels, LLC is how do I find out if my information is in the group that was compromised?
We have not been able to find any announcement from the state of South Carolina indicating whether there are certain groups of taxpayers who are more at risk than others in regard to the hacking incident at the South Carolina Department of Revenue. As far as we can tell everyone is at risk and needs to follow the instructions provided by the state.
Dependents who were listed on the tax returns filed with the state are at risk as well and need to be considered when deciding how to protect your information. There was discussion at the press conference this morning of a “family plan” which is designed to protect dependent children.
If anyone is asking for your credit card number or is otherwise trying to charge you money you are probably in the wrong place.
There is no urgency here folks. The damage is done. We recommend that you slow down and fully understand what we are doing here. The criminals will be in full bloom on this issue and if you are not careful you could make a bad situation worse by giving your information to the wrong people.
If there are any news media representatives reading this we encourage you to do basic step by step stories to help people understand the issues here. Many people just don’t seem to understand how this works. There are elderly people calling Tax On Wheels, LLC in a panic because not only do they not have an email address, they don’t have a computer or even know how to operate one. So how are they supposed to sign up for the protection offered by the state.
There seems to be a bit of a panic setting in, and we urge everyone to remain calm.
Update November 2, 2012
The South Carolina department of Revenue has issued a PDF document that summarizes the events surrounding the recent security breach and their recommended actions. Click here to view the document.
There is also a new web page that provides information about the incident including information for businesses exposed to the security breach.
We have had two press conferences and we still don’t know the extent of the damage. We know that only expired credit cards were stolen, so no problems there. But no one has publicly indicated whether we should be concerned about the checking and savings accounts that are attached to tax returns for the purpose of direct depositing tax refunds or paying balances due. Clients are asking if they should start closing their bank accounts to prevent problems. Right now we just don’t have an answer to that question.
The press conference has ended and it looks like we still don’t know very much.
News organizations have begun putting up stories.
Here are some that seem relevant
2. The Post and Courier in Charleston
4. WIS Television in Columbia “Credit protection is retroactive”
5. The State Newspaper in Columbia “Data Breach about the worst you can get”
6. Silobreaker a national/international news aggregation website collects some stories
8. WMBF in Myrtle Beach/Florence “How the SCDOR website breach affects your family”
9. WYFF4/NBC news in Greenville “How to Protect Your Children in the SCDOR Security Breach”
10. The New York Times finally gets in on the story
We will continue searching for relevant stories and add to the list as we find them.
The national news media has been eerily silent about the South Carolina data breach. I guess they are all busy reporting on the “FrankenStorm” aka Hurricane Sandy. Both the storm and the story have just about run their course, so hopefully the majors will begin to weigh in on the South Carolina story.
During the press conference on Tuesday morning State government officials indicated that only 5000 credit card numbers were taken and all 5000 were expired. So no active credit cards were taken. No mention of checking or savings accounts which were linked to tax returns for the purpose of direct deposit of tax refunds or balance due payments.
Video information on ProtectmyId
We posted this IRS resource on an earlier post.
IRS representatives have just distributed to tax professionals a link to a similar page here.
And we have some generic identity theft tips in our TaxTips newsletter here.
The press conference just ended, and it sounds like the authorities are not able to tell us much more than we already know. I will try to post some links to news stories from the media as they are posted.