The South Carolina Department of Revenue recently suffered a major data breach in which the Social Security numbers of 3.8 million taxpayers and their 1.9 million dependents were exposed, along with roughly 5,000 credit card numbers and 3.3 million bank account numbers. The attacker gained access to 44 servers, installing 33 pieces of malicious software and utilities along the way, all undetected. The organization had no idea it had been breached; it was not until law enforcement brought the department evidence of three cases of identity theft that anyone was aware something might be wrong.
According to the official incident report (PDF), investigators are not certain how the attacker gained access, but believe it was through a phishing attack: an employee opened an infected attachment, and the attacker obtained a username and password. With valid credentials the attacker logged into the network and, once inside, moved between numerous servers, installing tools along the way to help compromise further systems.
Detection
Since the attack, South Carolina Governor Nikki Haley has said the State is implementing stronger security policies and tools, including 24/7 monitoring. But you have to wonder why there was no monitoring in the first place. The attacker was inside the network for months installing software, much of it malicious, compressing and downloading database files, accessing log files and more. There were no warnings or red flags alerting the network administrators that something was wrong. Incident detection and system state intelligence should be part of any information security strategy to help manage risk, a lesson South Carolina has unfortunately had to learn the hard way.
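As an added illustration of what basic incident detection for the activity described above could look like (example code written for this post, not from the incident report or the State of South Carolina), the following Python rules flag an archive tool run against database files, bulk egress from a database host, a software install from a user profile, and one account active across many servers. The telemetry records, host names, account names, addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Patterns for the behaviours the post describes: compressing database files,
# installing tools, and bulk transfers off the network.
ARCHIVE_TOOLS = re.compile(r"\b(7z|7za|rar|winrar|zip|tar|gzip)(\.exe)?\b", re.I)
DB_FILE = re.compile(r"\.(bak|mdf|ndf|ldf|dmp|sql)\b|dbbackup", re.I)
INSTALLER = re.compile(r"\b(msiexec|setup\.exe|\.msi\b|psexec|install)", re.I)
INTERNAL = ("10.", "192.168.", "172.16.")

# Constructed sample telemetry (simplified process and netflow events);
# every host, account and address here is invented.
EVENTS = [
    {"host": "db01", "user": "jdoe", "type": "process",
     "cmd": r"7z.exe a C:\Temp\out.7z D:\DBBackups\taxpayer.bak"},
    {"host": "db01", "user": "jdoe", "type": "netflow",
     "dst": "203.0.113.5", "bytes_out": 8_400_000_000},
    {"host": "web03", "user": "jdoe", "type": "process",
     "cmd": r"msiexec /i C:\Users\jdoe\Downloads\util.msi /quiet"},
    {"host": "app04", "user": "jdoe", "type": "process", "cmd": "notepad.exe"},
    {"host": "fs02", "user": "jdoe", "type": "process", "cmd": "explorer.exe"},
    {"host": "web01", "user": "svc_backup", "type": "netflow",
     "dst": "10.1.2.3", "bytes_out": 9_000_000_000},  # internal backup, benign
]

def detect(events, host_limit=3, egress_limit=1_000_000_000):
    """Return (rule, host, user, detail) tuples for each suspicious pattern."""
    alerts, hosts_by_user = [], defaultdict(set)
    for e in events:
        hosts_by_user[e["user"]].add(e["host"])
        if e["type"] == "process":
            cmd = e["cmd"]
            if ARCHIVE_TOOLS.search(cmd) and DB_FILE.search(cmd):
                alerts.append(("db-archive", e["host"], e["user"], cmd))
            if INSTALLER.search(cmd):
                alerts.append(("tool-install", e["host"], e["user"], cmd))
        elif e["type"] == "netflow":
            # Large transfer to a non-internal destination from any host.
            if e["bytes_out"] > egress_limit and not e["dst"].startswith(INTERNAL):
                alerts.append(("bulk-egress", e["host"], e["user"], e["dst"]))
    # One set of credentials touching many servers is the lateral-movement signal.
    for user, hosts in hosts_by_user.items():
        if len(hosts) >= host_limit:
            alerts.append(("many-hosts", ",".join(sorted(hosts)), user, f"{len(hosts)} hosts"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The thresholds are deliberately crude; in practice each rule would be tuned against a baseline of normal administrative activity for the specific server role.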