By Tim Smith, the Greenville News
COLUMBIA - South Carolina state agencies and businesses over a three-year period reported dozens of computer security breaches that potentially could affect at least 410,000 people, a report obtained by GreenvilleOnline.com shows.
Much of that, according to a report by the state Department Consumer Affairs, came from healthcare organizations last year, which reported breaches affecting a possible 325,000 people.
The report does not include the most recent fiscal year, or the database theft earlier this year of almost 230,000 records from the Department of Health and Human Services, said Juliana Harris, spokeswoman for the agency.
State law requires businesses or government agencies to report computer security breaches to the Consumer Affairs Office if the potential impact is at least 1,000 people.
They must also notify the major credit bureaus and include the timing, distribution and content of the notices sent to affected consumers. A breach is defined as the unauthorized access of items containing personal identifying information. It does not necessarily mean the information was actually stolen or misused.
Some organizations did not report numbers of people affected, officials said, so the actual number could be much higher.
The report does not list the names of businesses or government agencies reporting the security breaches.
GreenvilleOnline.com has filed a South Carolina Freedom of Information Act request, which the agency required, to gain public access to the names.
The law requires every business or agency reporting to them to notify affected customers or residents.
The law went into effect in July 2009, although some companies reported breaches for 2008 as well.
The agency has so far received a total of 56 notices of computer breaches with a total impact of 410,865 residents, according to the report.
Of the 56 disclosures, the healthcare industry, such as hospitals, submitted nine notices affecting 340,000 residents. Government agencies submitted six breaches affecting 35,000 residents; financial organizations turned in 12 breach notices affecting almost 19,000 consumers; and other industries submitted 29 notices affecting about 17,000 residents, according to the data from Consumer Affairs.
A total of six breaches were reported last year but the number of people affected far exceeded previous years, according to the report, which does not detail any consequences of the breaches.
Healthcare organizations alone reported 325,000 people impacted from three security breaches in 2011, according to the data.