CHARLESTON, SC (WCSC) - Hackers sitting in the far corners of the world may have their hands on the personal information of millions of South Carolina taxpayers, but someone here in the Palmetto state more than likely allowed that security breach.
That assessment comes from Frank Abagnale, who spoke to Live 5 News by phone from Phoenix, Ariz.
Abagnale, who lives in Charleston, is an expert in financial fraud and IT security. He may also be remembered for the adventures featured in the movie Catch Me If You Can. The story was based on his life as a young man. For thirty-some years since then, Abagnale has worked with the FBI to solve crimes.
"One thing I learned, there is no master criminal sitting somewhere in the world who breaks into these databases," Abagnale said of the recent data breach at the South Carolina Department of Revenue.
More than three million taxpayers' identities may be at risk.
In most cases, Abagnale said breaches happen because someone at a company or state agency has opened the door, either intentionally, or by mistake.
"Whether they've done it because they were paid to do it, or because someone read an email they shouldn't have read, someone went to a website they shouldn't have gone to. Ninety-nine percent of all breaches occur because someone is waiting for someone to open the door," Abagnale said.
When there are thousands of employees on computers, Abagnale said it doesn't take very long before someone does something they're not supposed to do, and that opens the door for a hacker to get in and steal data.
Now that the South Carolina Revenue Department has been hacked, what next?
"The second problem that I have is when we have data stolen, companies and governments like to say, 'Okay, I'll buy you one year of monitoring service for free.' But the truth is no one usually uses that information for a couple to three years because the longer they hold it, the more valuable it is," Abagnale revealed.
Unlike credit cards, which can be canceled, stealing personal information is trickier for the victim.
"You've stolen their name which they can't change, their social security number which they cannot change, their date of birth which they cannot change. So the longer you hold that information, the more valuable it becomes," Abagnale said. "It's been my experience, the people who steal a great deal of data, professional hackers, tend to sit on that information for a couple of years before they sell it because the buyer then becomes the seller and it's much more valuable. "
He recommends South Carolinians protect themselves with a credit monitoring service for at least a couple of years.
A credit monitoring service will notify you in real time through an email or text message or phone call if someone is using your personal information.
"It's like spilled milk," said Abagnale of the data breach. "So now the only thing someone like me, who lives in South Carolina, the only alternative I have at this point is to monitor my credit so that I know if they're attempting to use my number to file for taxes or get a job or get credit in my name."
Abagnale said stolen social security numbers are most commonly used to get fake tax refunds.
"Last year, the IRS paid out five billion dollars in phony tax refunds because people filed taxes using other people's social security numbers in order to obtain their refunds," Abagnale said." Of course, you can apply for credit in someone's name, you can get a mortgage in their name, you can buy a car in their name, get a job in their name or ultimately you can commit a crime in their name. So you do want to monitor your number."
By using a credit monitoring service, if someone starts using your personal information, you can put a stop to it.