Six years after the largest data breach in South Carolina history left more than 6 million personal and business tax filers’ data exposed, the state still isn’t as prepared as it should be for future cyberattacks.
Unfortunately, that’s a common problem for government agencies at every level, where rules and lack of resources make updating cybersecurity technology and programs a complex and woefully slow process.
Of course, private businesses don’t have a particularly stellar track record either, with dozens of high-profile hacks of companies such as Marriott, Target, Yahoo and Home Depot collectively affecting hundreds of millions of people.
Part of the problem is that so many hacks involve simple human errors like clicking on a faked email. That appears to be how malicious actors gained access to the S.C. Department of Revenue databases in 2012.
Since then, South Carolina has smartly centralized its computer security in a single agency and created some basic minimum standards for employee training and protocols. But as The Post and Courier’s Andy Shain recently reported, there’s little oversight to make sure that the state’s roughly 100 different agencies are all in full compliance.
Obviously, the strongest possible security is needed when information as sensitive as state government records are at stake. It’s something South Carolina officials and lawmakers should take more seriously. The cost of another massive data breach almost certainly outweighs the cost of increased cyber defenses.
Specifically, the cost to sign up South Carolina residents for free credit monitoring following the 2012 hack totaled $18 million. It’s unclear if anyone’s personal data obtained during that breach has been used for nefarious purposes so far.
Identity theft can have devastating consequences that can take months or years to recover from. So now that South Carolina’s free credit monitoring offer officially ended in October, it’s vital that people take their data security into their own hands.
Fortunately, that’s not a tremendously difficult thing to do.
Everyone is entitled to a free credit report from the three large monitoring bureaus — Equifax, TransUnion and Experian — once per year. Some banks will help track credit scores. And a handful of websites offer year-round credit reporting services for free.
As a bonus, keeping track of credit also helps cut down on the cost of things like buying a car or a house and can even affect seemingly unrelated things like setting up a cellphone plan or looking for a job.
In short, it’s a smart thing to do, especially given that some of us have had our personal data hacked multiple times.
Of course, that doesn’t mean that South Carolina’s government agencies are off the hook. The data they keep are essential to the proper functioning of the state. And unlike shopping at eBay or taking an Uber, South Carolina residents don’t have much choice about, say, paying state taxes.
The state has a responsibility to take every reasonable measure to keep such sensitive information safe.