Over two months, hackers managed to gain access to the S.C. Department of Revenue computers and steal state tax data belonging to 6.4 million consumers and businesses.
Mandiant, a Washington computer forensics firm hired by the state to investigate the incident, offered these details of how the hacking unfolded:
Aug. 13: Hackers send emails to several department employees with a link that contained malware. One employee clicks on the link unleashing a program that likely steals that person's username and password.
Aug. 27 and 29, Sept. 1-4 and Sept. 11: Hackers log into the department remotely and introduce more programs to help in their theft. They try to steal all the department passwords but use those from three additional employees, including some who have wide access to the computer system. The hackers install a backdoor and perform reconnaissance into department servers and the system that handles credit-card payments.
Never miss a local story.
Sept. 12: Hackers copy and create 23 database backup files and leave them in a directory.
Sept. 13-14: The databases are compressed into 14 smaller files and moved onto Internet. A 15th compressed file has an encrypted version of the department's data encryption key. The hackers delete the copies left on department computers.
Oct. 17: A week after the Secret Service informs the state about the breach, investigators find the back door when the hackers check their connection to a department server.
Oct. 19-20: The security holes are closed. Investigators report no sign that the hackers have tried to pry into the system since.