CowboyRobot writes "Earlier this year, the state's Department of Revenue was storing 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a state employee clicked on a malicious email link, an attacker was able to obtain copies of those records. It's easy to blame the breach on 'Russian hackers' but who is really to blame? 'The state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend — and should have already spent — to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services.'"