GOVERNOR’S CABINET ASKED TO PROVIDE INFORMATION ON UNPRECEDENTED SECURITY LAPSE
A quartet of leading South Carolina Democrats – two in the State Senate and two in the S.C. House of Representatives – are demanding answers from Gov. Nikki Haley’s administration in the wake of the worst security breach in state history.
Senators Brad Hutto (D-Orangeburg) and Vincent Sheheen (D-Camden) and Reps. Mia Butler Garrick (D-Columbia) and James Smith (D-Columbia) jointly signed a letter to Haley seeking to “ensure that the nature of this breach is fully understood and corrective measures are taken.”
“As elected representatives of the people of South Carolina, we are very concerned for the safety of their identities,” the lawmakers wrote. “There remain important questions, which have not been answered.”
Beginning on August 27, hackers infiltrated the S.C. Department of Revenue (SCDOR) database and made off with 3.6 million Social Security numbers and nearly 400,000 credit card numbers. Other more detailed information – including individual tax returns – may have also been stolen.
The breach was not detected by Haley’s administration until October 10. Meanwhile the public was not notified that their personal information had been compromised until October 26.
The hackers responsible for the breach are believed to be linked to an Eastern European crime syndicate – which was allegedly the subject of an international law enforcement operation over the last few weeks. Administration officials have referenced an ongoing criminal investigation as the reason for their delay in publicizing the breach – although they have refused to provide any specifics about that investigation.
Haley claimed this week that there was “wasn’t anything” anyone in state government could have done to avoid the breach. Of course the governor almost immediately contradicted herself when she stated that holes in the state’s costly cyber security network had since been filled.
“All the information that was compromised … is plugged, is secure and is, um, safe and … so there are no more holes and anything that can be penetrated,” Haley said.
Democrats aren’t buying it. In fact they’ve posed a detailed list of pointed questions that they want Haley’s
From the Democrats’ letter, here are those questions:
Do we know that data was actually transferred out of the system or was the system simply breached?
What types of data were compromised- the full tax return? Social security numbers? addresses? charitable contributions? W2 information? or other information?
Why were any credit card numbers kept in an unencrypted format?
To what degree was the breach the result of poor procedural, security control versus human error?
Why was this data kept in a way that was accessible to the internet?
What security audits were performed on these systems during the past two years?
Have children’s SSNs also been compromised and what steps should parents take to ensure that their IDs are protected?
What is the state willing to do beyond the year of (free) ID protection to protect the IDs of children, vulnerable adults and others who have been compromised and may not be able to afford ID protection after the year expires?
Please provide us with a copy of SCDOR’s information security standards and policy.
Please describe the time line of when and how SCDOR learned about the breach, steps that were taken, and when any other entities were notified of the breach?
Please explain how much time passed between the time SCDOR was notified of the breach and the time the public was notified?
Please provide an estimate of how much money the state will expend to deal with this breach and its aftermath?
That last question – the one about cost – is particularly troubling given that taxpayers have already shelled out their hard earned money once to keep their data secure.
The Palmetto State has received millions of dollars in cyber security grants from the U.S. Department of Homeland Security (USDHS) in recent years. Not only that, the state reportedly paid “a boatload of money” to Carnegie Mellon’s internationally recognized Computer Emergency Response Team (CERT) to train state employees on new cyber security measures.
Also, Haley’s administration experienced another major security breach less than six months ago when nearly a quarter of a million Medicare records were improperly lifted from the S.C. Department of Health and Human Services (SCDHHS).
***
27 comments
I had no idea it was this bad. I suppose the hackers now have my S/S number and other details about my life. Will our asleep-at-the-switch governor do something to compensate me for money taken from my IRA account?
The damage is done, so what matters now is how Haley deals with a bad situation. So far, that has been piss poor.
“Transparency!”
That’s easy, she has already said-what was that- “brutalize” the hacker?I see that getting done just as efficiently as everything else she does….
All are reasonable questions that will, sooner or later, be posed in a court of law.
Can anyone spell “Tea Party?”
Yes. sweepin. That’s how its spelled. Do you have a clue? Time after time I write the same thing. Repeal the last 60 years of law, stop voting for the lesser of two evils and start investing in pitchforks manufacturers
The Tea Party is no different than the Demlicans or the Republicrats. They are just as selfish as the others. What the fuck can I get out of it. Typical libtard BS.
Have a Great Day !! :)
Frank Pytel
Come on Demos, you’re just creating a “distraction” for our Governor. (to use one of Haley’s favorite terms) She’s got more important things on her mind, such as which out of state (or country) conference to attend, or where she will campaign for Romney next.
Holy shit that woman has fucked up so many times and we still have 2 more years of it.
Does the Department of Revenue have an Internal Audit Dept? If so, failure to check security would be a failure of their (Internal Audit)procedures. Internal Audit as well as the Computer Department would be equally responsible.
OOOOOH shit!!!
Spent most of my day dealing with this.
Froze credit reports, joined life lock, contacted banks, credit cards, on and on.
And, could have taken care of this and protected my information earlier had this failure of a Chief Executive not sat on this information for weeks, if not months.
All thanks to this idiots incompetence!
Just like OBama trying to cover his ass, so goes the Governor.
Holy crapola. The sky is falling.
Have a Great Day!! :)
Frank Pytel
I have a question. I went through the process and have some kind of security protection now.
But NOTHING says whether my SSN was breached or not.
You are correct. The deal was that IF your info was hacked, you get the one year protection, However, when I signed in, they did not know if my SSN was hacked. I’ll go back tomorrow and read the news articles to see if I am correct on this.
1 year? SFW. You have to live with this the rest of your life. WTF good is 1 year?
Have a Great Day!! :)
Frank Pytel
You will have to check your credit reports, which you can do for free once per year, but it is a pain in the ass to have to do that. Credit monitoring is nice to have, but there was a period of over 2 weeks we weren’t told, so it is a good idea to check ASAP.
My problem is that I did my free check on all three a few months ago, so I’ll have to pay to do it again.
Fuck that. We all need to scream. Free credit report, monthly, for the next 3 generations. This is automatic. Yeah yeah, I know. “Who’s gonna pay, man??” Well what, $10 per month for life lock right? Tricky Nicky got $110,000 per year during her tenure at LMC. $330k / 10 = 33,000 months of service. Take the rest from Harrell, Jakie boy and the rest of them. Close their bank accounts, sell there houses and run ’em up to yankeeville.
But what will really end up happening is all this mortgage crap is going to come back again. People are going to file for bancruptcy in droves. Walmart and Best Buy are going to run out of 4000″ plasma’s and HSBC will file for bancruptcy requiring… you guessed it, TARP 2 and QE5000.
Have a Great Day :)
Frank Pytel
Based on the Governor’s history of transparency as well as her forthcoming nature, I’m sure those legislators will get their questions answered quickly. Probably by the end of the week.
Compete incompacy! Seems like many people in the state IT dept need to be replaced including the director. Haley will be replaced in two years unless she is forced from office prior to the next election.
Can you say “impeach”? I reference Hank Williams’ song…..”too many parties – and too many pals”….
She will run before she will hide.
If this was a CEO of a company they would be fired. SO CAN WE IMPEACH THE GOVERNOR???? She needs to resign.
Not sure that this has anything to do with the state IT dept. I believe that the DOR has been in control of their own security for a while.
Total DOR problem.
Did the hackers get “big idioT’s” SS number from his mama’s return?
Y’all don’t worry about Nikki…..she’s got plenty of time to deal with this IT mess, Romney’s suspended campaigning for a couple of days to appear sensitive to the Sandy impact. She will have a couple of days to stay in SC!
Sad when the Democrats have to be the ones asking all the questions.
Haley is an incompetent rat who should have been impeached months ago. But, the GOP just keeps on trying to save face. Rather than, dealing with the criminal in their midst.
Why would this “international hacker” go after lil ole South Carolina? Why not NY or California, where the real money is. If your gonna spend time to hack into a system, why not make it worthwhile? Just sayin’.
No shit. Most of the rednecks in this state have bad credit.
First of all this isn’t the first time SC has been hacked. Second Gov. admitted to the holes in the computer system has Now been repaired. One reason it was hacked credit cards no encrytion, Gov. didn’t see the need for credit cards encrytion. So SC DOR records were open for whomever. So not only does everyone from 1998 in SC but babies born in SC till this FIX will have to be concerned and pay after this free year