STATEMENT FROM SENATOR VINCENT SHEHEEN ON DEPARTMENT OF REVENUE DATA BREACH AND THEFT
For weeks, I along with other many others have held back from calling a press conference as we waited for action and information from the Department of Revenue and this Administration.
But at this point, somebody has to speak up for those of us who are taxpayers of South Carolina.
Unfortunately, over the last few years we in this state have gotten used to a display of incompetency and dysfunction on the part of our state government. From agency to agency and leader to leader, our poor state has seen been subjected to ineptitude on countless occasion and at a shocking scale.
But the spectacle of the hacking scandal at the Department of Revenue, and its handling, is surely the Mother of All Government Dysfunction.
When it occurred- we were immediately told that it was just one of those things that happen. And “there was nothing more that could have been done.”
Anyone with a mind knew that was false. Within a week, I made one simple phone call to the State Information Office and learned that the D.O.R. had refused free data breach monitoring from the State Information Office that almost every other agency and even school districts were using – a system that very likely would have detected the breach.
We were told that the agency didn’t encrypt our personal data, that it forced us to give them, because other states weren’t doing it.
I picked up the phone and called the North Carolina head of their department of revenue, and he told me that they encrypted all their important data for years now. And that he couldn’t imagine that our state officials would not have failed to take that step.
Then, when a group of us simply asked the Administration and the Department for a copy of the DOR data security policy so we could better understand what went so terribly wrong, we got this – an answer you would expect in a third world banana republic- we were essentially told that they couldn’t tell us the policy that had failed so badly because it might “further compromise” security. I would have laughed if it hadn’t made me want to cry.
When we asked how someone could have used the internet to gain access to this information, we were told the internet wasn’t used. Then we find out that the internet was used to send emails to gain access to passwords within the agency.
And then, weeks and weeks later when we finally receive a copy of the contract with the private contractor who was supposedly providing security. The important parts ARE BLACKED OUT!
Seriously, what happened to transparency in government? What happened to honesty with those of us who just got our information stolen? What happened to an open book on the operations of state government?
Next the Department and Administration decide that the federal government would be a convenient scapegoat, and so somehow, which I still don’t understand, they cook up the idea to blame the IRS.
Turns out the IRS encrypts and protects its data, and issued a policy suggesting that states take every step available to provide higher security to their data.
Then just yesterday, more than a month after the state allowed the personal information of more than 3.7 million of us to be stolen, we hear a little more information leaked out from the Department under questioning at a senate hearing. We are told now that this all could have been avoided for a $25,000 password system! That the Department didn’t even think that a information security officer was a high enough priority to fill the job for almost a year!
Friends, this administration has allowed a tax to be placed on every single one of us for the rest of our lives, man, woman, and child. A tax requiring us to pay, ourselves, to monitor our credit and financial information for the remainder of our lives.
And it’s just not right. So we are demanding and calling on other more responsible leaders to help clean up this mess.
1) We are presenting today, to the non-partisan and professional staff, at the Legislative Audit Council letters requesting that an independent and comprehensive audit be conducted immediately of the DOR. To find out what really went wrong, why it went wrong, what should be done to fix it, and who ultimately bears the responsibility. Because so far, all we have seen is a lot of ducking, weaving, and excuse making. It’s time to take the politicians out of the loop. Because if you can’t trust them to tell you what went wrong, how can we trust them to tell us its been fixed.
2) And because the government imposed this tax, this cost, on our citizens. We are demanding that for a period of least five years and hopefully longer, the legislature pass a tax credit allowing every citizen and business in South Carolina a tax credit for the cost of obtaining the necessary credit protection.
3) And if the state is really serious about trying to correct the dysfunction of its agencies and incompetence of its leaders- it will promise to reimburse any South Carolina citizen who suffers a theft of his or her assets as a result of the compromised data.
Hopefully, our government has reached its low point in modern history. Hopefully, we will look back on this episode as the wakeup call we needed in government and in our state to change the way business has been done during the last decade. We will do our best to make sure that is true.
***
13 comments
here here!
sheheen is a perfect example of why strait ticket balloting should be illegal
This one was a lob for Sheheen and the Democrats. Why didn’t he issue a statement about fellow Democrats Lillian McBride, Darryl Jackson and Liz Crum?
“When it occurred- we were immediately told that it was just one of those things that happen. And “there was nothing more that could have been done.”
I thought no one but tricki nicki new right away?
“Within a week, I made one simple phone call to the State Information Office and learned…”, “And then, weeks and weeks later when we finally receive a copy…”
Why the hell didn’t this libtard blow the whistle if he knew for ‘weeks and weeks’??
“Turns out the IRS encrypts and protects its data, and issued a policy suggesting that states take every step available to provide higher security to their data.”
According to this moron he already knows what needs to be done, but wait for the libtard drums to beat…
“…requesting that an independent and comprehensive audit be conducted immediately of the DOR”,”To find out what really went wrong, why it went wrong, what should be done to fix it…”
I’ll bet this moron is a lawyer. And I’ll bet his firm gets the audit contract. And I’ll bet the contract turns out to be worth more than what they’ve offered for credit protection. Its the internet. Wikipedia says he’s a lawyer so it must be a lie if your a teacher in the public school system.
Well at least something good may be coming out of this news release.
“We are demanding that for a period of least five years and hopefully longer, the legislature pass a tax credit…”
Wow that sounds serious…
“And if the state is really serious about trying to correct the dysfunction of its agencies and incompetence of its leaders- it will promise to reimburse any South Carolina citizen who suffers a theft of his or her assets as a result of the compromised data”
Oh snap. That’s even more serious, so the first one must have been BS.
No mention of the SS #’s of our children yet though? Will they already be the proud owners of bad car loans, bad credit card debt and mortgage foreclosures on their 18th birthdays?? I guess that year before everyone will have to clean up their credit for them. Of course, even though that it is illegal for a minor to enter these types of contractual relations – Hey, this is SC. Give the supreme court a few more days. They’ll knock that one out to. Lord knows the state can gamble all they want. Its just that you can’t unless they say so.
Have a Great Day!! :) There won’t be many left with the Demlicans and Republicrats in charge.
Frank Pytel
“For weeks, I along with other many others have held back from calling a press conference as we waited for action and information from the Department of Revenue and this Administration.”
Well, he may not have called a press conference, but he was certainly approaching reporters within a few days of this being made public.
Nikki Haley-Gate
What I Fear in regards to this “Haley-Gate” is when I’m pulled over, that I’m not arrested for outstanding warrants. That were brought on by someone taking my information and committing crimes while using my identity.
Other than that, the credit monitoring company that Nikki recommends I believe I read somewhere was hacked into as well.
Thanks Fits
While Sheheen’s comments may have been a desperate attempt to call all democrats and borderline republicans to the anti-Haley bandwagon, his concept of calling the state out on their piss poor security controls is warranted. Knowing that someone has my social security number, bank account number, address, name, and who knows what else, just makes me furious and it should make every SC citizen feel the same.
As a concerned citizen, I am appalled by the lack of protection South Carolina offers to secure our most protected information. Knowing that even if minimum measures where in place; complex passwords, two factor authentication, a DMZ, strict firewall rules, spam/phishing filtering email, and/or training of best security practices to individuals who have access to the critical information, this hack would have been avoided. I shouldn’t say “hack,” South Carolina left the front door wide open for any bored computer literate individual to come in and take whatever they wanted.
It’s embarrassing that the state gets notified of vulnerabilities within their protected environment by someone walking right in and stealing everything that we call sacred. Get it together South Carolina, that money saved by skipping out on information security seems to be minute right now.
My opinion on Sheheen are my own and his motives are his own, I’m glad he isn’t letting this die. Everyone needs to grab their pitchforks and demand a change in philosophy on modern technology.
All this BS over them loosing stuff don’t mean squat. I got news for you. If you’ve ever applied for a job online, the state and probably federal supreme courts are going to say, it don’t mean nothin’.
You’ve put it out there before, so why should you feel bad when the state does it for you?
Have a Great Day!! :) There won’t be many left with the Demlicans and Republicrats in charge.
Frank Pytel
Sic,
I could not find the link to the blacked out document you mentioned above that we would all like to review and know you can scan, “And then, weeks and weeks later when we finally receive a copy of the contract with the private contractor who was supposedly providing security. The important parts ARE BLACKED OUT!” This is, afte all, South Carolina. Is it true Sic that a York County law firm is going to file a class action to be filed on Monday on this sadness, so progressive of York County, this is, after all, what?
Thanks Hero,
Ahhhhhh South Carolina
Vinny, where were YOU? You and your fellow Dems could have fixed this a long time ago. Truth is you were too stupid to know it was even an issue. No elected official has any business pointing fingers here. All are to blame for wasting time passing laws about deer hunting and human cloning and other silliness. Fix the problem, God Damn It.
Political grandstanding, preparing for the Governors race.
Sounds like this creep lawyer is going to run against Nikki again and certainly loose again. He is just another liberal progressive scumbag is all, exactly like the Failed President and his administration.
He will win this time! Or maybe he should just wait and run for President! Sheheen is far from a liberal progressive. You don’t know what you’re talking about. Just because he’s a democrat does not make him a liberal prog. (whatever that means). Quit putting people in your little boxes!
Vincent for President! (never mind governor)