As I first reported to you on October 31st, foreign hackers succeeded in stealing the computer records of 3.6 million South Carolina citizens from the South Carolina Department of Revenue. These records contained a treasure trove of information for identity thieves including names, Social Security numbers, credit card numbers and debit card numbers. What is particularly troubling about this data breach is that we have heard this all before. Last year Social Security numbers of 3.5 million Texans were mistakenly disclosed to the public by a government employee. In 2006 a lost laptop of a Veterans Administration employee contained personal data of 26.5 million veterans that could have been used for identity theft and these are just a few of the instances of either accidental or purposeful data security breaches. What is most troubling is that with the execption of some of the credit card numbers and debit card numbers in the most recent South Carolina hacking, none of the rest of the information in all of these instances were encrypted which would have protected the privacy of the individuals even if the system’s security had been breached.
This is not just a South Carolina problem. It is a problem with every company, state agency or federal agency that holds your personal information. You are only as safe as the weakest place that holds your personal information. The key then is to ask of any company or institution that holds your information, do they encrypt this information and if not, why not. When it comes to state or federal agencies, a call to your state and federal legislators might also bring this problem to their attention. Meanwhile, as I have discussed in the past, you may wish to have a credit freeze on your credit report so that even if your Social Security number falls into the wrong hands, it cannot be used to purchase expensive items because your credit report is locked and can only be unlocked through the use of your private PIN.