From our News Partners at WCBD-TV:
One year after a hacker got into the computer files at the South Carolina Department of Revenue, stealing the personal information of more than 4 million taxpayers and businesses, the state has made major changes to tighten computer security.
"I personally think the best change that has happened within our cabinet and everything else is they don't start meetings now without talking about security first, especially within the Department of Revenue," says Gov. Nikki Haley.
The list of changes at the Department of Revenue is long, since that's where the hacker was able to get in. The agency reorganized itself, including all IT functions. It also hired a new Chief Information Officer and a Chief Information Security Officer.
Employees went through hours of additional training, since it was apparently a "phishing" email that an employee opened that allowed the hacker to get into the DOR's computers.
DOR also added what's called multi-factor authentication, so a hacker can't get into the agency's computers even if he had a username and password. The multi-factor authentication is a small electronic device that generates a six-digit code, which changes every 30 seconds. You have to have the code to access the DOR computers remotely.
DOR's computers, and those in all cabinet agencies, are also now being monitored 24/7 by the Division of State Information Technology, or DSIT. That monitoring watches for hackers trying to get into the system, or large transfers of data going out, which could indicate a breach.
Right after the hacking was announced, the state set up one free year of credit monitoring through Experian. That free year is ending, so the state has now contracted with CSID to provide at least one more free year of credit monitoring, as well as other ID theft protection services. Enrollment in the CSID protection begins Oct. 24.
Besides monitoring your credit report, the CSID coverage includes monitoring black market websites to see if your information is being sold. CSID will also monitor court records, changes of address, sex offender registries, and non-credit loans to see if your information is being used.
The state is also in the process of hiring a Chief Information Security Officer, and the state Department of Consumer Affairs has created an ID Theft unit.
Photo Credit: Kentoh Shutterstock