Former IT security manager for SCDOR testifies about the lack of security controls prior to its breach
Jeffrey Collins of Associated Press reports:
The Department of Revenue was more concerned with keeping employees from accessing news, sports and social media websites on their work computers than protecting taxpayer data like Social Security numbers, a former computer security chief at the agency said Thursday.
Read more on Aiken Standard.
Tim Smith of Greenville Online and LaDonna Beeker of WISTV also cover Scott Shealy’s testimony at a state House of Representatives hearing on the breach that affected 3.8 million individuals almost 700,000 businesses.
Shealy testified that the state did not even look for a replacement for him for months after he resigned in September 2011, and while he was there, he claims he was unable to convince his bosses that they needed to pay more attention to security:
Until the breach, the agency declined free network monitoring of its servers, did not encrypt all its sensitive data and did not use multi-password systems to access the data, all defenses experts have said could have thrwarted the hacker.