South Carolina's governor faulted an outdated IRS standard as a contributing factor to a massive data breach that exposed Social Security numbers of 3.8 million taxpayers plus credit card and bank account data. Gov. Nikki Haley's remarks on Tuesday came after a report into the breach revealed that 74.7 GB was stolen from computers belonging to South Carolina's Department of Revenue after an employee fell victim to a phishing email. People who filed tax returns electronically from 1998 on were affected, although most of the data appears to be after 2002, Haley said during a news conference.South Carolina is compliant with IRS rules, but the IRS does not require SSNs to be encrypted, she said. The state will now encrypt SSNs and is in the process of revamping its tax systems with stronger security controls. She said she has sent a letter to IRS to encourage the agency to update its standards to mandate encryption of SSNs.
Now the next question is how many other states were in the same boat as South Carolina? Were they proactive or were they lucky not to be hacked?