Proofpoint: Security, Compliance and the Cloud

November 27, 2012

Spear Phishing Attack Cause of Massive South Carolina Data Breach

Spear phishing cause of South Carolina Dept. of Revenue Data BreachIt will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012),  "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond
," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:


Feed You can follow this conversation by subscribing to the comment feed for this post.

I had bad experience with phishing.Now I have been useing Sticky Password for several years. It continues to do the job well and customer support, on the few times I have needed it, was fast and helpful.

The comments to this entry are closed.


Blog Search

Email Security Gateways, 2012

Magic Quadrant


What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption