When an alert reader brought this to my attention, I thought that maybe I’d been wrong about no one yet being harmed by the huge SC Department of Revenue security breach. In other words, maybe Vincent Sheheen was in “luck,” in that there was a rich vein of wronged taxpayers out there ready to channel resentment at Nikki Haley:
Calls pour in to ID theft unit
South Carolina’s tax agency hacked in October 2013
By Tim Smith
Staff writer email@example.com
COLUMBIA — The incidents are an all too familiar and scary part of modern life: a monthly statement shows someone has been fraudulently using your credit card; a store where you’ve never shopped sends you a notice demanding repayment of charges you’ve never made; a laptop belonging to a government agency with your personal data has been stolen.
Two years after a hacker broke into South Carolina’s tax agency and took data belonging to 3.6 million taxpayers, the incidence and threats of identity theft are so pervasive that a four-person state unit regularly handles calls about the subject.
In fact, since October 2013, when the identity theft unit for the state Department of Consumer Affairs began operating, more than 3,300 people have called to talk about identity theft or some type of scam, some of which are attempts at identity theft, said Juliana Harris, a spokeswoman for the agency. “
I definitely know that calls are up, ”she said….
But then, I got to this line, way, way down in the story (the 27th graf; not many news stories these days even have 27 paragraphs):
After the Department of Revenue breach, she said she stayed on the phone constantly all day, with every one of her lines lit up. She said she might have talked to 100 people per day following the revenue department hacking.
No one has come forward since the breach saying it has caused their identity to be stolen, she said.
So. We have yet to see our first victim of the huge hack at DoR. I mean, we’re pretty much all of us “victims” in that our data were stolen. But who has been harmed by that yet?
By the way, you might want to read Cindi Scoppe’s column today on how Sheheen is emphasizing the wrong things in his criticisms of the incumbent — but also how he has little choice, since the right things are so hard to explain…
“STILL no victims of Department of Revenue breach”
Brad, you bring this up again and again, but how can you be certain no one has yet come forward with such a claim and been rebuffed by absence of a compelling chain of evidence?
Certainly, even Dick Harpootlian is now aware of the implausibility of laying such a claim exclusively at the feet of the breach in electronically filed SC income tax returns.
Credit/debit card frauds have become commonplace in the U.S. due largely to issuing bank failures to implement European style protections (until this year through 2016). Millions of social security and financial account numbers have been hacked by the millions leading the IRS to pay $Billions to bogus recipients.
My VISA card identity was stolen (I only file paper income tax returns). When I tried reporting the problem to a major U.S. bank using the customer service number on the card, I was instead invited to win a prize! The bank admitted its customer service number was being spammed and its customer service unit could not be reached every time it was called, but they were addressing the problem.
To prove the SC tax breach really damaged a victim would require the victim to have had none of the common exposures from more prevalent, commonplace and virulent sources. Good luck with that, Mr. Harpootlian. Unlike Carol Fowler’s INCREDIBLE claim of innocent lapse in Democratich Party due diligence (re: Alvin Greene) the taxpayer breach ultimately requires reasonable unambiguity.
in the world of digital records the latter is not obtainable as simply as the broad claim of vulnerability.
Thanks for bringing this up so often, Brad.
One reason I keep bringing this up is to invite correction.
No one in the MSM seems to be addressing the huge question of whether anyone has been harmed by the breach. This story, which notes only in passing, in the 27th paragraph, that there is no proof that ANYONE has been harmed, is the closest case I’ve seen of addressing it, outside of this blog.
There COULD be people who have been harmed. It seems intuitively likely that LOTS of people have been harmed by now. But it’s strange, strange enough to take note of, that we’ve seen no proof of that yet. Or even cases in which someone has had trouble and the DoR breach is strongly suspected.
So I’m going to keep bringing up this fact — that we’ve seen no such indications — until we do see some. And maybe my repeated assertions will cause such relevant information to be brought forward…
Proof that it came from the DOR breach would seem hard to come by. You would either have to catch the identity thief and get him to confess that, or else you’d have to have some serious forensic trail from the thief to the DOR breach. Not sure the latter will ever happen.
Exactly. And just as fast as hackers are coming up with ways to steal data, companies are responding with countermeasures.
It’s easier to steal identities through social engineering hacking (calling people and pretending to be some official entity) or through dumpster diving.
But I expect the first person who CLAIMS he was harmed by the DOR will get plenty of video exposure (and other benefit$$$) from the Sheheen campaign.