Taxpayer data exposed in cyber attack on South Carolina agency

The vast majority of the credit card numbers were encrypted, but about 16,000 were not, meaning the data was fully exposed, state police said.

None of the Social Security numbers were encrypted, said State Law Enforcement Division spokesman Thom Berry.

Berry said the hacker used a foreign Internet Protocol (IP) address to gain access to the data.

Officials said no public funds were accessed or put at risk. An investigation into the security breach is ongoing.

Investigators this month discovered two attempts to probe the Department of Revenue's system in early September, and later learned of an attempt made in late August, state officials said.

Two other intrusions occurred in mid-September. The department determined that the hacker had obtained data for the first time, according to a statement from the state.

Officials said the vulnerability in the system was closed on October 20 and is believed to be secured.

Anyone who filed a South Carolina tax return since 1998 is being urged to find out whether their information was affected. The state will provide those affected with one year of credit monitoring and identity theft protection.

(Reporting by Harriet McLeod; Editing by Colleen Jenkins and Philip Barbara)