South Carolina governor Nikki Haley last week blamed outdated Internal Revenue Service (IRS) standards for the recent breach that exposed 3.8 million taxpayers' Social Security numbers (SSNs).
"South Carolina is compliant with IRS rules, but the IRS does not require SSNs to be encrypted, she said," Computerworld's Jeremy Kirk. "The state will now encrypt SSNs and is in the process of revamping its tax systems with stronger security controls. She said she has sent a letter to IRS to encourage the agency to update its standards to mandate encryption of SSNs."
"'If you combined the fact that we had 1970 equipment with the fact that we were IRS compliant was a cocktail for an attack,' Haley said. 'The IRS, which we were compliant with, does not believe that you have to encrypt Social Security numbers,'" writes SearchSecurity's Robert Westervelt.
"The IRS responded early Wednesday, refuting the governor's claim," writes WMBF's Jody Barr. "In an e-mail, IRS spokeswoman Michelle Eldridge wrote: 'Protecting taxpayer data is our top priority at the IRS. We have many different systems with a variety of safeguards -- including encryption -- to protect taxpayer data. The IRS has in a place a robust cyber security of technology, people and processes to monitor IRS systems and networks. We work closely with the states to ensure the protection of federal tax data. We have a long list of requirements for states to handle and protect federal tax information. Just as importantly, we expect the states to follow the standards of the National Institute of Standards and Technology.'"
"Haley also accepted the resignation of South Carolina Department of Revenue director Jim Etter as of December 31," writes Accounting Today's Michael Cohn. "He will be replaced by Bill Blume, who currently serves as executive director of the South Carolina Public Employee Benefit Authority."