South Carolina Shows How Not To Do Security
CowboyRobot writes "Earlier this year, the state's Department of Revenue was storing 3.3 million bank account numbers, as well as 3.8 million tax returns containing Social Security numbers for 1.9 million children and other dependents, in an unencrypted format. After a state employee clicked on a malicious email link, an attacker was able to obtain copies of those records. It's easy to blame the breach on 'Russian hackers' but who is really to blame? 'The state's leadership, from the governor on down, failed to take information security seriously or to correctly gauge the financial risk involved. As a result, taxpayers will pay extra to clean up the mess. Beyond the $800,000 that the state will spend — and should have already spent — to improve its information security systems, $500,000 will go to the data breach investigation, $740,000 to notify consumers and businesses, $250,000 for legal and PR help, and $12 million for identity theft monitoring services.'"
well IT needs a union / engineer like signoffs so (Score:5, Informative)
well IT needs a union / engineer like signoffs so the IT workers can't be pushed around by NON tech PHB's that may buy stuff on the golf course with no IT input or rank IT people by number of tickets and/or call times. Even to the point of saying we can't buy new software / hardware so find a work around to make X app work in the new OS / workflow even if it does have good security.
Re:Identity Theft Monitoring Services (Score:5, Informative)
He was talking about the ID protection "services". All they do is "monitor" your credit report and then whenever there is something suspicious they try to upsell you their next tier.