Oct. 26, 2012 at 6:37 PM ET
CHARLESTON, South Carolina — As many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers belonging to South Carolina taxpayers could have been exposed in recent cyber attacks on the state Department of Revenue's computers, officials said on Friday.
The vast majority of the credit card numbers were encrypted, but about 16,000 were not, meaning the data was fully exposed, state police said.
None of the Social Security numbers were encrypted, said State Law Enforcement Division spokesman Thom Berry.
Berry said the hacker used a foreign Internet Protocol (IP) address to gain access to the data.
Officials said no public funds were accessed or put at risk. An investigation into the security breach is ongoing.
Investigators this month discovered two attempts to probe the Department of Revenue's system in early September, and later learned of an attempt made in late August, state officials said.
Two other intrusions occurred in mid-September. The department determined that the hacker had obtained data for the first time, according to a statement from the state.
Officials said the vulnerability in the system was closed on Oct. 20 and is believed to be secured.
Anyone who filed a South Carolina tax return since 1998 is being urged to find out whether their information was affected. The state will provide those affected with one year of credit monitoring and identity theft protection.
(Editing by Colleen Jenkins and Philip Barbara)
(c) Copyright Thomson Reuters 2012. Check for restrictions at: http://about.reuters.com/fulllegal.asp