On Friday, the state of South Carolina announced that it had been the victim of a major security breach, and that as many as 3.6 million state residents (nearly 77% of the total state population) may have had their Social Security numbers and other personal identifying data stolen by person or persons unknown. As security firm Mandiant investigates the breach, they further revealed today that as many as 657,000 local businesses may have also be impacted by the data leak. The severity of the breach was exacerbated by the fact that the compromised data was actually being stored unencrypted on state-run servers, despite the fact it contained extremely sensitive tax information going back multiple years.
What this means for you:
Unless you are a resident of South Carolina or your business has filed taxes in that state, this particular event probably won’t impact you directly. However, it does serve to highlight that governments, like many businesses, fail to take security as seriously as they should, often under-spending on security or even ignoring potential threats. If you work with customer data that might be considered sensitive, are you doing enough to make sure that data is kept safe, not only from hackers, but from loss due to physical device theft, and damage from things like wildfires, floods, earthquakes or even a spilled cup of coffee? Most business won’t be able to prevent a determined hacker from penetrating their defenses, but they can make sure that sensitive data is stored properly (or not at all!) to minimize the collateral damage.
