

Hackers steal 3.4 million SSNs, 387k Credit Cards from SC Dept of Revenue - ktavera
http://www.wltx.com/news/article/206768/2/Hacker-Takes-Millions-of-SC-Citizens-Personal-Info

======
ktavera
So i'm an independent contractor and as such make quarterly estimated payments
to the SC Department of Revenue. Luckily they have this ancient payment
platform that is constantly throwing classic ASP errors. I noticed one when I
did a payment the other day that made me suspect that the whole system was
vulnerable to SQL injection. I decided not to poke much further and to warn
them about it.

I've sent them two messages over the last few months warning them that a
system likely created over 10 years ago that is vital to process hundreds of
millions of dollars in tax payments shouldn't be throwing visible SQL errors
and ASP errors and that this stuff is a huge security risk... never heard
anything back.

