BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Agency: Records of employees may have been breached

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Wed, 19 Jan 2011 01:41:04 -0500
http://www.aikenstandard.com/State/m1074-BC-SC-SCGovernment-Reco-1stLd-Writethru-01-15-0346

South Carolina officials on Friday notified people who had coverage
from the state's insurance program that their personal information may
have been obtained illegally.

The state Budget and Control Board mailed letters Friday to people who
may have been affected by the breach.

State Employee Insurance Program director Stephen Van Camp said a
computer virus attack on a single computer could have allowed the
hacker to access to names, addresses, Social Security numbers and
birth dates of up to 5,600 of insured employees, retirees dependents
and survivors on that computer. Those records also included about 800
people who are dead, he said.

The breach occurred between Nov. 8 and Nov. 18, when it was
discovered, and the South Carolina Law Enforcement Division was also
notified, Van Camp said. "Then our problem was to determine what had
been accessed and who was involved," he said.

The records could be exploited for identity theft. Van Camp said
people who receive the letters are also getting instructions about
contacting credit services.

The Employee Insurance Program's plans serve about 528,000 people.

Gov. Nikki Haley is chairman of the Budget and Control Board, a
position that came with her inauguration Wednesday. Haley spokesman
Rob Godfrey had no details about the breach.

"Obviously, this is a terrible situation, and we feel for all those
whose privacy may have been compromised," Godfrey said.

Godfrey noted that at Haley's first board meeting Thursday the board
unanimously agreed to hire a new director, Eleanor Kitzman, who is
"committed to making sure that changes are implemented, quickly, so
something like this never happens again."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: