Forgot your password?
typodupeerror
Security Politics IT

South Carolina Shows How Not To Do Security 123

Posted by timothy
from the at-least-the-failure-was-spectacular dept.
CowboyRobot writes "Earlier this year, the state's Department of Revenue was storing 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a state employee clicked on a malicious email link, an attacker was able to obtain copies of those records. It's easy to blame the breach on 'Russian hackers' but who is really to blame? 'The state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend — and should have already spent — to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services.'"
This discussion has been archived. No new comments can be posted.

South Carolina Shows How Not To Do Security

Comments Filter:

Heuristics are bug ridden by definition. If they didn't have bugs, then they'd be algorithms.

Working...