Longer state-paid monitoring considered for 6M-plus SC hacking victims

ashain@thestate.comFebruary 7, 2013 


  • SC data theft help Consumers: Sign up for one year of free credit monitoring and insurance, and lifetime ID theft-resolution services – protectmyid.com/scdor (use the code “scdor123”) or call (866) 578-5422. Businesses: Sign up for free monitoring from Dun & Bradstreet Credibility Corp. – dandb.com/sc or (800) 279-9881 – or Experian – smartbusinessreports/southcarolina. Additional steps From the SC Department of Consumer Affairs 1. Place an initial fraud alert on your credit report. To place an initial fraud alert on your credit report, you only have to call one of the Credit Reporting Agencies (CRA) and it will notify the other two. This is a FREE service. Once you place the alert, you will receive notice that you can get one free copy of your credit report from each of the Credit Reporting Agencies (CRAs). See No. 3 below for phone numbers. 2. Place a security freeze on your report. You must call each of the CRAs to do this. It is FREE to place, thaw, and lift the freeze for SC Residents. Once you place the freeze, you will receive a PIN number you can use to thaw or lift the freeze. Make sure to keep it in a safe place. You can place the freeze online at the addresses below or by calling the numbers listed in No. 3: • freeze.equifax.comexperian.com/freezefreeze.transunion.com 3. The phone numbers are the same to place a fraud alert and to place a security freeze on your credit report: • Equifax: 800-525-6285 • TransUnion: 800-680-7289 • Experian: 888-397-3742 4. Perform these steps for any Social Security number you think might be affected. The fraud alert and security freeze are linked to your Social Security number, so each person in the household must place it separately. 5. Remember to track your finances. Always review your banking statements as soon as you receive them. Also review your credit report regularly. You are entitled to a free credit report from each one of the three major credit reporting agencies annually. You can obtain your report by visiting annualcreditreport.com or calling (877) 322-8228. Check your statements and credit report for unauthorized purchases/accounts and incorrect information. 6. For more information on protecting against ID Theft, including information on placing a security freeze, visit the SC Department of Consumer Affairs "Identity Theft Resources" webpage.

— Victims of the nation’s worst computer hacking at a state agency would get 10 years of credit-report monitoring under a state Senate bill introduced Wednesday.

The 6.4 million consumers, children and businesses whose financial information was stolen from the S.C. Department of Revenue last year now are getting one year of monitoring from Experian. The state paid $12 million for the service.

Experian has offered a second year of monitoring for $10 million.

State Sen. Kevin Bryant, R-Anderson, who headed a special breach investigative committee, introduced the bill that would allow the governor to keep contracting with monitoring companies to provide protection over the next decade. Monitoring quickly alerts consumers when information is added to their credit report – such as a loan or delinquent bill – but does not prevent identity theft.

Under Bryant’s measure, taxpayers could take an annual deduction of $200 or $300 through 2018 to cover the cost of buying their own credit protection if they did not want to use the state program.

His bill also would create a package of state government watchdogs to protect taxpayers’ personal information: a cabinet-level Department of Information Security, an identity-theft division within the S.C. Department of Consumer Affairs, a council to develop an annual statewide technology plan and an oversight committee to study security laws.

The state’s hacking costs are adding up.

South Carolina has spent more than $20 million to repair the breach’s impact. That money was borrowed and must be repaid this year. In addition, state agencies have requested nearly $100 million in computer-related work in next year’s state budget, saying the money is needed to head off future hacking incidents.

However, Bryant said Wednesday that Experian should reduce the fees that it charges the state for each additional year of monitoring since it will receive repeat business from hacking victims.

Bryant also said he hopes a proposed Department of Administration, which would replace the State Budget and Control Board, could help absorb some costs of the proposed security organizations in his bill. The state also could save money by trimming duplicated work when computer functions are centralized.

Several other bills have been introduced in the General Assembly to give consumers tax credits to pay for credit-report protection and repair, as well as establishing a fund to pay people whose stolen information was used fraudulently and creating a state computer-security chief.

“We’re open ideas on how to do it better,” Bryant said.

Hackers entered the Revenue Department’s servers after an employee released a malicious program by clicking a link in a bogus email that appeared to come from a legitimate source. The data was stolen nearly a month before the Secret Service learned of the breach and informed state authorities.

Thieves took Social Security and bank account numbers as well as other personal identifying information from electronic tax file returns dating back more than a decade. Taxpayers who filed paper returns were not affected.

Law enforcement officials have not reported any cases of hackers using the Revenue Department data, but it can be months – or even years – before crooks use stolen information.

A state House committee investigating the breach will hear today from Mike Garon, the former Revenue Department information director who will be speaking publicly for the first time. A former Revenue Department security administrator recently told the committee that Garon allowed lax computer security at the agency in the years leading up to the hacking.

Garon left the department for undisclosed reasons a few weeks before state officials learned about the breach in October. His departure was unrelated to the incident, the agency has said.

The State is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service