The S.C. Department of Revenue has announced that about 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack. Of the credit cards, the vast majority are protected by strong encryption deemed sufficient under the demanding credit card industry standards to protect the data and cardholders. About 16,000 are unencrypted. To protect taxpayers, the state will provide those affected with one year of credit monitoring and identity theft protection. Officials stress that no public funds were accessed or put at risk. On the recommendation of law enforcement officials, DOR contracted information security company Mandiant to assist in the investigation, help secure the system, install new equipment and software and institute tighter controls on access. On October 16, investigators uncovered two attempts to probe the system in early September, and later learned that a previous attempt was made in late August. In mid-September, two other intrusions occurred, and to the best of the department’s knowledge, the hacker obtained data for the first time. No other intrusions have been uncovered at this time. On October 20, the vulnerability in the system was closed and, to the best of the department’s knowledge, secured, according to the DOR.