In 2023, the number of businesses in South Carolina reporting security and data breaches leapt from 86 to 139, and the number of South Carolina consumers affected by those breaches more than tripled compared to 2022, according to the State Department of Consumer Affairs (SCDCA).
Almost 3.26 million consumers in the state were affected by breaches in mainly financial, healthcare, and hospitality businesses. Breaches at 62 healthcare businesses affected more than 1.5 million consumers, the largest single total last year; but another 778,891 South Carolina consumers were affected by breaches that hit just five hospitality businesses in the state. Breaches that hit 32 healthcare businesses affected 710,009 consumers.
A year earlier, just shy of 1 million consumers in the state were affected by security breaches.
Scott Cooke, director of communications for SCDCA, says that while “companies really need to take a look at their cyber security steps that they've taken and take the appropriate actions to try to prevent these things,” consumers should also be taking steps to protect themselves.
“What's frustrating sometimes as a consumer,” Cooke says, “is maybe you've done everything right, but then this type of breach is something that you really don't have control of, other than, providing information to companies.”
Recently, AT&T reported that a data breach leaked millions of former and current customers’ information online. AT&T officials said the discovery was found on the “dark web.” The leaked information contained passcodes and even social security numbers of around 7.6 million current account holders and 65.4 million former account holders.
According to Britannica, the dark web is a website not indexed by search engines and does not take a record of who visits the site.
“You have to realize that you are responsible for your own data and do not trust the companies you're dealing with or the people that manufacture the devices to protect you,” said Dr. Richard Brooks, professor of electrical and computer engineering at Clemson University. “It's not in their economic interests. The tech manufacturers have no liability for faulty products, so they don't test the products. So again, there's no reason to rely on them.”
Although data breaches happen often, there are ways consumers can try to protect themselves from avoiding their personal information being leaked. One way is to view the checklist at identitytheft.gov, a resource created by the Federal Trade Commission (FTC).
How to protect yourself as a consumer
One of the best ways to avoid having your identity stolen, Cooke says, is to not click on links or attachments that come from unfamiliar sources.
The good news for South Carolina is that the state has one of the lowest rates of successful phishing attacks – 3.74% in 2022, according to Forbes – in the United States. But phishing still happens and is often a gateway to identity theft.
Cooke says that if you get a notice from a company with which you have an account, telling you that there’s an irregularity, pay attention to it.
Contact the company directly, by the way – don’t click on the email link, it could be fraudulent.
But if the message is for real, Cooke says you need to take quick action.
“Anytime you're getting these types of notices from a company, you're really going to want to look at what type of information was exposed and kind of take those actions that you need,” he says.
The best next steps:
- Find out what exactly has been breached – credit card numbers? Social Security number? Bank account? Password to an online retailer?
- Change your passwords
- Set up multi-factor authentication, if you haven't already
- Check your balances to see if anything looks out of the ordinary
- Check with credit reporting agencies to see whether any accounts have been opened in your name
- Notify credit reporting bureaus about which accounts are fraudulent
- Set up an identity theft report with SCDCA
“You can contact our office,” Cooke says. “We have an identity theft unit. Basically, all they do is work with this type of issue and they can walk you through a checklist of things that you might need to do to take the appropriate actions to prevent further damage.”
He adds that keeping vigilant watch over your accounts will alert you sooner than later that something is wrong. And if something is, Cooke says, act on it immediately.
“Reporting [incidents] as soon as you can makes a big difference,” he says. “There are time limits, especially if it's your debit [card] or checking account. Those time limits are different than a credit card. You want to get those reports in as soon as you can, just so you're not held liable for those types of transactions.”
