South Carolina breach exposes 3.6M SSNs

This is insane:

• First the govt gets hacked, because there was a default password on the authentication system
• Then the hackers steal Personally Identifiable Information (PII), all of which was unencrypted.
• Then they make a public announcement, to claim that "The industry standard is that most SSNs are not encrypted"
• Moreover, the attack happened in mid-September, but was disclosed in late-October. The government is now giving free insurance "now" to the effected.