The South Carolina Department of Revenue recently announced a data breach affecting taxpayers who filed returns electronically, which exposed 3.8 million taxpayer Social Security numbers and nearly 400,000 credit and debit card numbers dating back to 1998.
Coalfire, an IT governance, risk and compliance (IT GRC) services company, conducted a survey of more than 600 South Carolina residents, and the findings revealed that while the majority of individuals think about the safety of their personal information on a daily or weekly basis, they don’t fully understand requirements for securing data or what actions they need to take if their personal information is compromised.
“This data breach helps to highlight the need for strong cybersecurity plans and for the modernization of compliance rules in both the public and private sectors,” said Rick Dakin, CEO and co-founder of Coalfire. “Perhaps most telling from our survey is the fact that affected individuals do not understand what they need to do in order to ensure their personal information is safe or what steps to take if it has been compromised.”
With the 2013 tax season upon us, many South Carolina residents indicated they remain concerned about filing their taxes electronically and want answers on how the government plans to protect data in the future.
“One key finding is that while citizens realize they are not experts on data security, they fully expect agencies such as state governments to safeguard their personal information,” Dakin added.
When asked if they were more or less upset/worried about this breach, one respondent stated, “This could affect my credit, my husband’s credit and all of our children.”
Key findings of the survey include:
- More than 90 percent of respondents became aware of the security breach due to widespread media coverage.
- Approximately 80 percent of those surveyed do not understand the changes, if any, they will need to make this year if they choose to file their taxes electronically.
- More than 60 percent of respondents are more concerned with a government entity being breached then commercial entities.
- The vast majority of respondents (80 percent) are not familiar with what state compliance regulations are in place to strive to keep personal data safe.
- Many respondents expressed concern for their children’s personal data as they were listed as dependents on tax returns.
- More than 60 percent of those surveyed will use the credit monitoring service that the state is offering as compensation. However, they feel that the service is less than a fully acceptable resolution and want to know why their data was not better protected.
Coalfire is an independent information technology Governance, Risk and Compliance (IT GRC) firm that provides IT audit, risk assessment and compliance management solutions. Founded in 2001, Coalfire has offices in Dallas, Denver, Los Angeles, New York, San Francisco, Seattle and Washington D.C., and completes thousands of projects annually in retail, financial services, healthcare, government and utilities. Coalfire has developed a new generation of cloud-based IT GRC tools under the NavisTM brand that Coalfire clients use to efficiently manage IT controls and keep pace with rapidly changing regulations and best practices. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, the PCI DSS, GLBA, FFIEC, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley, FISMA and FedRAMP. For more information, visit www.coalfire.com.