At the end of October South Carolina announced a large data breach that claimed the information of primarily of 3.6 million people. On Oct. 31 Governor Nikki Haley announced that the breach also included the tax information of as many as many as 657,000 S.C. businesses.
Originally the state did not think business records had been hacked. However a consultant hired to investigate the situation discovered the additional problem late Tuesday night. It become public record after a two-hour Senate Finance Committee hearing, where Revenue Department director James Etter pointedly was asked whether business records also had been taken by the hackers.
The state is offering free credit monitoring for businesses through Experian and Dun & Bradstreet. However there are a lot of problems that could slip through the cracks that would not be discovered by either program.
Business identity theft involves the actual impersonation of the business itself. A business’ EIN (federal employer identification number) is, in some respects, a business form of Social Security number because of the ways it is frequently used to uniquely identify the business. Many business identity theft schemes occur, and many fraudulent accounts can be opened, with just a business’ name, address, and EIN.
Banks are eager to work with companies and extend credit to them since businesses typically have larger accounts than individuals. Also it is expected that a business will spend more than a consumer. An average individual consumer may have a credit limit of $1,000 to $5,000, while an established business may have credit lines of $25,000 to $100,000 or more. This type of crime can be costly to businesses and financial institutions.
Besides significant financial loss this crime can cause a loss of customer base and reputation. Some businesses I’ve assisted had thieves open second offices leaving the original company with the bill for utilities, hundreds of dollars worth of stolen computer equipment, rent and leased furniture. Another company found his phone number on his website had been changed and customers were told the roofing company was closed. Callers were referred to another company.
Other fraudulent crimes under business identity theft include thieves posing as tax return companies, medical providers, providers of medical equipment, and even mail order houses.
U.S. Sen. Lindsey Graham, R-Seneca, is working with the federal Internal Revenue Service to allow businesses to change their federal tax identification numbers, which are part of the compromised tax records, Gov. Haley said.
Overseas hackers used state-approved credentials to enter the Revenue Department system in August and September. State officials have appropriately declined to discuss any more details of the investigation into the hacking. That investigation is being led by the Secret Service, which told S.C. authorities about the breach on Oct. 10.