The South Carolina Department of Revenue said that some 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack.

Some 16,000 of the cards were unencrypted but “the vast majority” had encryption deemed sufficient to protect the data and cardholders, according to the DOR. “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected,” said Gov. Nikki Haley.

On October 16, investigators uncovered two attempts to probe the system in early September, and later learned that a previous attempt was made in late August. In mid-September, two other intrusions occurred, and “to the best of the department’s knowledge, the hacker obtained data for the first time.” No other intrusions have been uncovered at this time, the DOR said in an announcement, and “on October 20, the vulnerability in the system was closed and, to the best of the department’s knowledge, secured.”

The DOR also contracted an information security company to install new equipment and software and institute tighter controls on access.

Anyone who has filed a South Carolina tax return since 1998 is urged by the DOR to visit protectmyid.com/scdor or call (866) 578-5422 to determine if their information is affected.

Other steps recommended by the state:

• Regularly review credit reports;

• Place fraud alerts with the three credit bureaus; and,

• Place a security freeze on financial and credit information with the three credit bureaus.