SC State Data Breach

South Carolina Department of Revenue Announces Major Data Breach

On Friday October 26, 2012 the South Carolina Department of Revenue announced that it had experienced and suffered a major data breach of its computing systems. It has been widely reported that approximately 3.6 million social security numbers along with 387,000 credit/debit card numbers were exposed in this incident.

Read More on Incident:

South Carolina's Department of Revenue Breach Information Site

Official Media Released Statement from the SC Dept of Revenue

Who might be affected by this incident:

Those that could be affected are anyone who has filed a South Carolina state tax return anytime from 1998 to present. Since most of our community will consist of users who would have filed a South Carolina state tax return during this time, it is highly likely that many in our community may be affected by this data breach.  This could affect faculty, staff and student alike so all need to be aware of this situation. Clemson University members should be diligent in protecting their personal and financial identity.  At some point, you will be notified by the state department of revenue that you were part of this incident, but you should not wait to take proactive measures to protect your information.

Steps you should take as specifically related to this incident:

  • Free Credit Monitoring: Go to Experians ProtectMyId site.  Once there you can enter the activation code of "scdor123" without quotes.  If your information is part of this disclosure you can register for one years worth of free identity protection service offered by Experian's ProtectMyID Service. Experian has been contracted by the state to provide this service. Note, you will be asked to provide some limited personal information about yourself to register, then you will have to validate some personal information that Experian has about you in your credit profile they have on file.  This will create you an account on Experian.  Also, you can purchase additional protections offered by Experian but that is at an additional cost to you than what is provided by the state.  Once you register you will notice that most areas are labeled "Active" for detection protections.
  • Credit freeze: You may want to place a credit freeze on your accounts with the credit reporting agencies. This can be used to limit who can do credit inquiries and establish credit on your behalf. You can do this by contacting each of the three credit agencies: Equifax Credit Freeze, Experian Credit Freeze, TransUnion Credit Freeze. Keep in mind this can also prevent legitimate lines of credit from being established until you remove the freeze. Also, most offer SC residents this service for free, but please check their sites for any applicable fees should it change.
  • Free Credit Reports: Obtain your free annual credit report from all three of the largest credit-reporting agencies by going to annualcreditreport.com. After registering and validating your identity you can get reports from Equifax, Experian, and TransUnion. This is a free service in response to the FACT act, but you can only do this once each 12-month period.

Long-Term Personal and Financial Identity protection measures:

  • Check all of your financial statements for irregularities in activity and immediately report any that you find. You need to be diligent in doing this as many creditors and financial institutions may have time limits on when you can report fraudulent activity.
  • Utilize the annual free credit report offered at annualcreditreport.com This site will not provide you the all important Beacon score, but can provide you all of your credit history as recorded by the big three credit reporting agencies. The reports will also show you who has inquired as to your credit. Since you only get this one time a year, one strategy is to do this every 4 months only requesting a single report from one agency. Doing this will allow you to get a report every 4 months of the year instead of all of them at one time during the year.
  • If comfortable with online statements and financial activity, you might choose to limit the amount of printed statements mailed to your home as to minimize the amount of times your financial numbers and personal identity are published in print.
  • Do not provide personal information to entities that you don't do business with, or ones that you don't start the conversation. Many times would-be thief's initiate contact with you either by phone, mail, or e-mail asking for personal information. Always scrutinize communications that you don't initialize.
  • Use pay for service credit protection and identity theft services offered by the reporting credit agencies if you feel you need additional coverage or full-time credit fraud protection.

How Clemson University work to protect your Information:

The Office of Information Security and Privacy works to insure that the Information Technology systems along with other data handling practices and activities of Clemson University are secure and adheres to generally accepted security and privacy practices.  You may find out more about group and keep current with information security and privacy related material at the Office of Information Security and Privacy

Clemson University has established a cross functional working group to address Red-Flag rules of identity theft related concerns of the campus.  This group works to detect, identify and report incidents of identity theft in the Clemson University community.  You can go to the Red-Flags Rules Program at Clemson University to find out more.