Frank Knapp appeared on SC ETV’s Connections this past Friday evening. Host P.A. Bennett talked with Frank about the dangers to businesses as a result of the hacking of tax data from the S.C. Department of Revenue. Also appearing on the show was Carri Grube Lybarker of the S.C. Dept. of Consumer Affairs, FBI Special Agent Chris McLure and financial empowerment coach Karen Jenkins. Click here to watch the show entitled “Protecting Your ID”. Frank’s segment starts 13:55 minutes into the program.
The total potential consequences of the hacking theft of South Carolina tax information on 700,000 businesses is gradually getting through to the public and, for that matter, the Administration of Governor Nikki Haley.
Haley first characterized the threat to businesses as no more than the risk we have when we “give a check to your grocery store.” She asserted that the business information the hackers stole somehow wasn’t a secret at all. “They got what was already public.”
But to make businesses feel more secure her office offered a state-funded business credit monitoring protection from Experian and then later much the same service at no cost from Dunn & Bradstreet.
But the business threat is much more serious than simply identity theft which results in results in destroyed credit. The actual money a business has in a checking account is at risk.
Two weeks after the hacking of the Department of Revenue data, S.C. Treasurer Curtis Loftis brought to Columbia security expert Chris Swecker, the former head of the Charlotte office of the FBI and Bank of America’s corporate security. Swecker told a symposium on the issue that up to $360 million could be swiped from individual and business bank accounts because of the data breach.
From the very beginning that the public was made aware of this failure to protect taxpayer information I have been preaching that businesses should at a minimum close their checking accounts and re-open them with new account numbers. At least we can make one part of the information stolen obsolete so as to protect against the thieves fraudulently pulling money directly out of checking accounts.
However there is a much more insidious threat—corporate account takeover. Swecker pointed out that the thieves can use the business tax information to target high-income businesses.
Corporate account takeover is real, costly and not hard to do when the thieves have all a business’s tax information. The thieves can target the businesses most likely to have significant cash from time to time in their corporate checking accounts. Business websites will give all the information the thieves will need to send malware to office computers. Just as someone at the Department of Revenue downloaded malware that let to this debacle, someone at the business will unknowingly do the same.
Once in the door, the malware will find the computer used for online banking and it’s over. The thieves will know when is the right time for them to strike. The money will be gone and the financial institution cannot be held accountable.
There are some solutions to this problem. One is inconvenient and the other will cost. I’ll discuss them tomorrow.