SC business tax records also hacked (+ video)

ashain@thestate.comOctober 31, 2012 

Tax data belonging to as many as 657,000 South Carolina businesses also was taken in the massive security breach that exposed records of 3.6 million people, Gov, Nikki Haley said Wednesday.

Businesses can sign up for free lifetime credit monitoring from Dun & Bradstreet Credibility Corp. starting Friday, Haley said. Experian also is offering free monitoring for businesses starting Thursday, her office said.

Consumers are getting one free-year of monitoring and lifetime credit-fraud resolution from Experian as part of an agreement capped at $12 million with the state. Dun & Bradstreet Credibility Corp. is offering business protection services for free to South Carolina, the governor’s office said.

State officials said in the first days after the hack was announced on Friday that they did not think business records were exposed. But a consultant hired by the S.C. Department of Revenue, Mandiant, found businesses records were compromised on Tuesday night, Haley said.

Business can sign up for the Dun & Bradstreet Credibility Corp. monitoring service starting Friday online at www.dandb.com/sc or by phone at (800) 279-9881. No details of the Experian business plan were released.

Meanwhile, former state Sen. John Hawkins filed Wednesday in Columbia what he intends to become a class-action lawsuit over the massive data breach at the S.C. Department of Revenue.

The suit on behalf of Phillip Morgan, a 60-year-old semi-retired factory supervisor, names Gov. Nikki Haley, revenue director James Etter and the revenue department as defendants. Haley endorsed Hawkins’ opponent in the GOP primary this spring, Lee Bright, for a state senate seat in Spartanburg.

Information from tax forms belonging to 3.6 million people who filed state returns since 1998 were stolen by overseas hackers in September using state-approved credentials to enter the revenue department system. They also took 387,000 credit-card numbers. Almost all of the data was unencrypted.

“This is like a cyber-hurricane and it a category five,” Hawkins said.

The suit claims the state could have done more to protect taxpayers’ information and waited too long to notify the public of the breach -- violations of a state law to protect consumers from identity theft.

South Carolina revealed the hack on Friday, 16 days after the Secret Service informed the state of the breach. Authorities said they delayed telling the public to close the security gap and try to catch the hacker.

“This is causing a lot of unnecessary worry and heartache across South Carolina,” Hawkins said.

The governor and revenue director should stop saying nothing could have prevented the breach, Hawkins said.

“They should say what we did right and what we did wrong … and not blame a Russian syndicate,” he said.

Haley, Etter and SLED chief Mark Keel are scheduled to give an update on the breach later today.

Video from afternoon briefing by SC Governor Nikki Haley, SLED chief Mark Keel and state revenue director James Etter

Read more SC data breach news tomorrow in The State.

The State is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service