Poor Security & Information Sharing – A story of a breach and its aftermath in the deep south


Everyone has heard of the South Carolina Department of Revenue breach. The only thing surprising about it is . . . well, there is nothing surprising about it. Controls were inadequate, so a very easy attack succeeded.

What is interesting, and I predict we will see much more of this in 2013, is informal information-sharing agreements. Credit unions in South Carolina are banding together to share information to protect themselves and their customers from fraud resulting from the breach:

“One upshot is that banks and credit unions have formed a kind of mutual assistance pact to monitor for fraud that might stem from the breach and to share warnings among the participating institutions.”

And because I can’t resist one last poke (okay two pokes):

Poke 1:

“Brandon Pugh, director of public affairs of the South Carolina Credit Union League, said in an interview, that credit unions were surprised the state did not have adequate protections in place.”

Really? Really?

Poke 2:

“Pugh stressed that he was unaware of any theft that can be attributed to the data breach.”

I’ve written these gems many a time. Identity theft is often not detected for months or even years after identifying information is stolen.

Of course, the media publishes a small fraction of what is said by the parties involved in breaches. He may very well have said something brilliant.

PS: Please train your people not to click on links to cute kittens.
