South Carolina Security Breaches Impacted 2,985,506 Residents in 2025

SC Consumer Affairs News

Published March 17th, 2026

Detected March 23rd, 2026

Summary

The South Carolina Department of Consumer Affairs reported that 2,985,506 residents were impacted by security breaches in 2025, a 56% decrease from 2024. The financial and health industries reported the most breaches. The department also released updated guidance for businesses and consumers on handling personal information and responding to breaches.

View original document View source feed page

What changed

The South Carolina Department of Consumer Affairs (SCDCA) has released data indicating a significant decrease in the number of residents affected by security breaches in 2025 compared to 2024. In 2025, 99 businesses reported breaches affecting 2,985,506 South Carolinians, a 56% drop from the previous year. The financial and health sectors reported the highest number of breaches. The SCDCA also highlighted its role in posting breach notices and provided updated resources for both consumers and businesses.

Businesses that experience a breach affecting over 1,000 residents are required to notify the SCDCA and affected individuals. Consumers who receive a breach notice are advised to protect their accounts by changing passwords, enabling multi-factor authentication, monitoring financial statements, and considering fraud alerts or security freezes. The SCDCA is hosting a webinar for consumers on March 18, 2026, and offers resources for businesses on data protection laws.

What to do next

Businesses: Ensure compliance with South Carolina's data breach notification requirements.
Consumers: Implement recommended steps to protect accounts and monitor financial information following a breach.
Review updated guidance publication 'Identity Theft & The Law: A Guide for Business and Government'.

Source document (simplified)

Tue, 03/17/2026 COLUMBIA, S.C. – The number of South Carolinians impacted by security breaches declined by 56 percent over the past year. During 2025, 99 businesses reported breaches to the South Carolina Department of Consumer Affairs (SCDCA). Those breaches affected 2,985,506 South Carolina residents. That’s a dramatic drop compared to 2024 when 6,710,824 residents were affected by 121 breaches reported to SCDCA.

During 2025, financial businesses and the health industry reported the most breaches (25). Breaches involving financial businesses impacted 819, 951 residents. Those involving the health industry impacted 571,140 residents. The education sector rounded out the top three, reporting 17 breaches, impacting 709,072 South Carolinians.

A business must let South Carolina residents know when their personal information is breached. When the breach affects more than 1,000 residents, the business must give the Department a copy of the notice sent to those residents. Notices received by SCDCA are posted on the Department’s website.

SCDCA encourages consumers that receive a security breach notice to take these steps:

Protect impacted accounts by changing your password right away and turning on multi-factor authentication. Passwords should be unique to each account and at least 16 characters long with mixed-case letters, numbers and symbols. Using multi-factor authentication will add an extra step (like a text message code or facial recognition) to your login process, making it more secure. Checkout our video “ Passwords and Passkeys ” for tips on creating a strong password and protecting your accounts from hackers.
Closely monitor your credit report and financial statements/accounts. Check all monthly statements and account activity for unauthorized purchases/accounts and suspicious items. You can obtain your FREE credit reports by visiting annualcreditreport.com or calling (877) 322-8228.
Consider a fraud alert and security freeze. When you have a fraud alert on your report, a business must verify your identity before it issues credit or services in your name. This makes it harder for a thief to open new accounts in your name. A security freeze stops anyone from opening new accounts using your information, until you lift the freeze. Contact one of the three major credit reporting agencies to place an alert and contact each of them to place a freeze: Equifax (800) 685-1111, Experian (888) 397-3742 and TransUnion (888) 909-8872. On Wednesday, March 18 at 10:30 a.m., SCDCA will host a free webinar for consumers to learn more about the steps to take if they receive a security breach notification. Register to watch/listen from any digital device by clicking here.

SCDCA offers quarterly webinars to provide businesses with an overview of the state and federal laws on how to handle the personal information of South Carolina residents. Webinars are posted on our Upcoming Presentations page as they are scheduled. A newly updated publication Identity Theft & The Law: A Guide for Business and Government is also available with information on the applicable laws.

For additional tips on how to protect your information in the wake of a breach, check out our flyer on breach tools and learn how to protect your devices by reading “ Cybersecurity Basics.” Consumers can also call SCDCA's Identity Theft Unit at 800-922-1594. The Unit is dedicated to offering consumers tailored guidance on scams, security breaches and identity theft issues.

About SCDCA

Established in 1974, DCA has more than fifty years of experience in protecting South Carolina consumers while recognizing those businesses that act honestly and fairly. Cultivating a marketplace comprised of well-informed consumers and businesses prevents deceptive and unfair business practices, allows legitimate business activity to flourish, resulting in the promotion of competition and a healthier economy.

[CGL1] Add in website links