COLUMBIA – The incidents are an all too familiar and scary part of modern life: a monthly statement shows someone has been fraudulently using your credit card; a store where you've never shopped sends you a notice demanding repayment of charges you've never made; a laptop belonging to a government agency with your personal data has been stolen.
Two years after a hacker broke into South Carolina's tax agency and took data belonging to 3.6 million taxpayers, the incidence and threats of identity theft are so pervasive that a four-person state unit regularly handles calls about the subject.
In fact, since October 2013, when the identity theft unit for the state Department of Consumer Affairs began operating, more than 3,300 people have called to talk about identity theft or some type of scam, some of which are attempts at identity theft, said Juliana Harris, a spokeswoman for the agency.
"I definitely know that calls are up," she said.
This week, a national hospital system with eight facilities in South Carolina disclosed that data belonging to 4.5 million patients nationwide had been stolen, possibly by a Chinese group of hackers, though none of the information taken included credit card or medical data.
Harris said the Community Health Systems disclosure is the sixth health care-related incidence of a data breach in the state reported to her agency since last summer. Three have occurred since July, she said.
In two cases, laptops were stolen, she said.
In another case, an attorney inadvertently sent a document with personal information of some patients. In another, she said, there was a coding error by a third party. The Medical University of South Carolina, she said, also reported a "cyber security intrusion."
In the CHS case, the company reported that in April and June of this year, hackers went after data associated with patients of physicians linked with the hospital system, including names, addresses, birth dates and Social Security numbers.
"We take very seriously the security and confidentiality of private patient information and we sincerely regret any concern or inconvenience to patients," Mary Black Health System of Spartanburg, one of the affected hospitals, said in a statement.
"Though we have no reason to believe that this data would ever be used, all affected patients are being notified by letter and offered free identity theft protection."
The disclosure is the latest in a string of data breach news affecting millions nationwide and many of the nation's top businesses, including Target, UPS and Neiman Marcus.
Earlier this month, a cyber security firm reported that it had discovered 1.2 billion usernames and passwords amassed by a Russian crime ring, gathered over the years from an estimated 420,000 websites and servers.
In response, Harris' agency sent out a press release, reminding computer users of things they can do to find out if their data has been compromised, including friends or family receiving messages they didn't send, trouble logging into email or social media sites and false posts on such sites.
Harris said the calls to the identity theft unit range from queries about the state's identity theft protection service provided by CSID for victims of the 2012 state hacking to people who say they have been victims of identity theft.
"If we do get one of those calls we have them fill out an intake form, and that kind of helps us to figure out what types of identity theft they might be a victim of, and then we can tailor our response to them," she said.
"So we don't inundate them with a bunch of information, because there are so many types of identity theft."
Sen. Kevin Bryant, an Anderson Republican who has helped craft legislation on the issue of identity theft, said the unit in Harris' agency is doing exactly what lawmakers wanted.
"That was our goal," he said. "Whether it had to do with the Department of Revenue's breach or not, regardless of the source of someone's information getting breached, we wanted them to have a centralized place for them to call and then this department could point them in the right direction."
And that's what Harris' agency does.
She said the agency will send each victim a guide to identity theft and other materials depending on their circumstances.
"If we find out someone has compromised a student loan or maybe they have medical identity theft, we have supplemental materials we add to that," she said.
The agency cannot call other agencies or businesses on a victim's behalf, she said, but it can answer all their questions and refer them to the agencies they can report identity theft.
The unit, Harris said, also handles calls to the agency about scams because often those are attempts to get identity information.
Before the unit was created and the Department of Revenue breach occurred, she would personally handle such calls and might receive 75 a month.
After the Department of Revenue breach, she said she stayed on the phone constantly all day, with every one of her lines lit up. She said she might have talked to 100 people per day following the revenue department hacking.
No one has come forward since the breach saying it has caused their identity to be stolen, she said.
"With as many breaches that happen every year it would be very hard to determine if an identity theft event was the result of one breach versus another," she said.
This summer, she said, the unit is averaging about 200 calls monthly, though it hit more than 600 one month.
The agency also educates businesses, groups and the public on identity theft and how to prevent it.
She advises consumers to be suspicious of attempts to verify identity information through email, since businesses and government agencies will rarely do that.
She also warns consumers not to call numbers in a suspicious email or click on links or attachments in such emails. People should track their finances and use updated anti-virus software, she said.
"I think we are definitely more able to address people's concerns since we have a unit that is dedicated to that," Harris said.
"I think people are becoming more aware of our identity theft unit and that they can call. I hope more people will call. Because we do have a great group of people that are ready to help and assist consumers."
WHERE TO GET HELP
If you feel you have been the victim of identity theft, contact the South Carolina Department of Consumer Affairs toll-free at 800-922-1594 or visit the agency's website at www.consumer.sc.gov.