COLUMBIA — Victims of the nation's worst computer hacking at a state agency would get 10 years of credit-report monitoring under a state Senate bill introduced Wednesday.
The 6.4 million consumers, children and businesses whose financial information was stolen from the S.C. Department of Revenue last year now are getting one year of monitoring from Experian. The state paid $12 million for the service.
Experian has offered a second year of monitoring for $10 million.
State Sen. Kevin Bryant, R-Anderson, who headed a special breach investigative committee, introduced the bill that would allow the governor to keep contracting with monitoring companies to provide protection over the next decade. Monitoring quickly alerts consumers when information is added to their credit report, such as a loan or delinquent bill, but does not prevent identity theft.
Under Bryant's measure, taxpayers could take an annual deduction of $200 or $300 through 2018 to cover the cost of buying their own credit protection if they did not want to use the state program.
His bill also would create a package of state government watchdogs to protect taxpayers' personal information: a cabinet-level Department of Information Security, an identity-theft division within the S.C. Department of Consumer Affairs, a council to develop an annual statewide technology plan and an oversight committee to study security laws.
The state's hacking costs are adding up.
South Carolina has spent more than $20 million to repair the breach's impact. That money was borrowed and must be repaid this year. In addition, state agencies have requested nearly $100 million in computer-related work in next year's state budget, saying the money is needed to head off future hacking incidents.
However, Bryant said Wednesday that Experian should reduce the fees that it charges the state for each additional year of monitoring since it will receive repeat business from hacking victims.
Bryant also said he hopes a proposed Department of Administration, which would replace the State Budget and Control Board, could help absorb some costs of the proposed security organizations in his bill. The state also could save money by trimming duplicated work when computer functions are centralized.
Several other bills have been introduced in the General Assembly to give consumers tax credits to pay for credit-report protection and repair, as well as establishing a fund to pay people whose stolen information was used fraudulently and creating a state computer-security chief.
"We're open to ideas on how to do it better," Bryant said.
Hackers entered the Revenue Department's servers after an employee released a malicious program by clicking a link in a bogus email that appeared to come from a legitimate source. The data was stolen nearly a month before the Secret Service learned of the breach and informed state authorities.
Thieves took Social Security and bank account numbers as well as other personal identifying information from electronic tax file returns dating back more than a decade. Taxpayers who filed paper returns were not affected.
Law enforcement officials have not reported any cases of hackers using the Revenue Department data, but it can be months or even years before crooks use stolen information.
A state House committee investigating the breach will hear today from Mike Garon, the former Revenue Department information director who will be speaking publicly for the first time. A former Revenue Department security administrator recently told the committee that Garon allowed lax computer security at the agency in the years leading up to the hacking.
Garon left the department for undisclosed reasons a few weeks before state officials learned about the breach in October. His departure was unrelated to the incident, the agency has said.