Hacking Incidents Lead RoundupSouth Carolina, Hawaii Report Breaches
In this week's breach roundup, a cyberattack on the South Carolina Department of Revenue's information systems exposed 3.6 million Social Security numbers. Also, the Hawaii State Department of Health is notifying 600 former and registered members of a mental health facility about a breach.
South Carolina Revenue Dept. Breached
A cyberattack on the South Carolina Department of Revenue's information systems this summer exposed 3.6 million Social Security numbers and 387,000 credit and debit card numbers, including 16,000 unencrypted ones, the state reported Oct. 26.
Revenue Director James Etter said the state Division of Information Technology informed him of the cyberattack on Oct. 10. "We worked with them throughout that day to determine what may have happened and what steps to take to address the situation," Etter said in a statement. "We also immediately began consultations with state and federal law enforcement agencies and briefed the governor's office."
At the request of law enforcement, the state didn't immediately notify the public as soon as the breach was discovered. "Although protecting the taxpayers is the priority of the state, this is a criminal investigation and DOR [Department of Revenue] felt it necessary to allow law enforcement to do their job with this investigation," DOR spokeswoman Samantha Cheek said.
The Secret Service and the South Carolina Law Enforcement Division first noticed the breach and alerted state officials.
Investigators on Oct. 16 uncovered two attempts to probe the system in early September, and later learned that a previous attempt was made in late August. In mid-September, two other intrusions occurred, and it is believed the hacker obtained data for the first time. No other intrusions have been uncovered. On Oct. 20, the vulnerability in the system was resolved.
600 Notified of Hawaii Dept. of Health Breach
The Hawaii State Department of Health is notifying 600 former and registered members of a mental health facility about a security breach after an employee noticed unusual activity on a computer, according to the Hawaii Reporter.
The facility, Waipahu Aloha Clubhouse, serves adults living with severe and persistent mental illness, providing daily activities and support.
An employee with the state department noticed the unusual activity on Sept. 25, believing that the computer was being accessed remotely without authorization.
Information contained on the compromised computer included members' names, birth dates, addresses, phone numbers, consumer record numbers and some Social Security numbers, according to media reports. No medical records were stored on the computer.
Employee Mishandled 20,000 Records
Duquesne Light, a utility company providing energy services to southwestern Pennsylvania, is notifying 20,000 customers of a breach after an employee accessed and mishandled personal and financial information, according to the Pittsburgh Business Times.
Although information is scarce, news reports state that there's no indication that the employee used the records nefariously.
The utility company is offering two years of free credit monitoring services through Experian, news reports said.
It's unclear how the employee mishandled the information.
French Lottery Site Hacked
The French website for the Euromillions lottery was struck by hackers, who vandalized the homepage and posted a passage from the Koran condemning gambling, according to news reports.
The hackers identified themselves as "Moroccanghosts," reports said.
Francaise des Jeux, the company that runs Euromillions, said that none of its games were compromised by the attack and no data was affected, reports said.
For a period of time, the French Euromillions website was down. Francaise des Jeux's site also experienced inaccessibility, with users being told the site was "unavailable due to service requests."