

3.6 Million Tax Payers Exposed in South Carolina Cyberattack - techinsidr
http://www.securityweek.com/south-carolina-hit-massive-cyberattack

======
ktavera
I live in SC and in the last few months complained to the SC DOR numerous
times that their online "ePay" system was horribly outdated and a huge
security hole. I accidentally stumbled on a possible SQL injection exploit
while I was making a tax payment last month and reported it to them... No
response.

This is just a prime example of the incompetence of state government IT
departments. They likely paid millions of dollars in 1995 for this system to
be developed (written in classic ASP and throws very detailed errors to users
all the time) and just never thought to update it since? This system probably
processes hundreds of millions of dollars in tax payments every year. You
would think this would be the one system the state government would want to
keep up to date and secure.

Also they had my credit card on file so it was one of the ones compromised
that was "encrypted" (honestly I suspect since the system was designed in the
90's that original recipe DES was used).

------
hnwh
wait until this one shows up on fiver

