South Carolina Department of Revenue Data Breach (2012)

A single malicious email sent to workers at the South Carolina Department of Revenue last August enabled an international hacker to crack into state computers and gain access to 3.8 million tax returns, including Social Security numbers and bank account information, in what experts say is the biggest cyber-attack ever against a state government, according to details in a report released Tuesday. According to the Mandiant report, the cyberattack, which state sources say is believed to have originated inside Russia, started with a “phishing” scheme, a common tactic used by cyber criminals. Last Aug. 13, a hacker sent multiple South Carolina Department of Revenue employees a malicious email containing an embedded link containing malware or a computer virus. When at least one of the employees clicked on the link, the malware was activated and allowed the hacker to steal the employee’s user name and password. From there, the hacker was off to the races. Two weeks later, the attacker logged onto the remote-access service for Department of Revenue computers, using the credentials of an employee who had clicked on the Aug. 13 email. The invader then “leveraged the user’s access rights to access other Department of Revenue systems and databases with the user’s credentials,” the report states.