Tax data belonging to as many as 657,000 South Carolina businesses also was taken in the massive security breach that exposed records of 3.6 million people, Gov, Nikki Haley said Wednesday.
Businesses can sign up for free lifetime credit monitoring from Dun & Bradstreet Credibility Corp. starting Friday, Haley said. Experian also is offering free monitoring for businesses starting Thursday, her office said.
Consumers are getting one free-year of monitoring and lifetime credit-fraud resolution from Experian as part of an agreement capped at $12 million with the state. Dun & Bradstreet Credibility Corp. is offering business protection services for free to South Carolina, the governor’s office said.
State officials said in the first days after the hack was announced on Friday that they did not think business records were exposed. But a consultant hired by the S.C. Department of Revenue, Mandiant, found businesses records were compromised on Tuesday night, Haley said.
Business can sign up for the Dun & Bradstreet Credibility Corp. monitoring service starting Friday online at www.dandb.com/sc or by phone at (800) 279-9881. No details of the Experian business plan were released.
Meanwhile, former state Sen. John Hawkins filed Wednesday in Columbia what he intends to become a class-action lawsuit over the massive data breach at the S.C. Department of Revenue.
The suit on behalf of Phillip Morgan, a 60-year-old semi-retired factory supervisor, names Gov. Nikki Haley, revenue director James Etter and the revenue department as defendants. Haley endorsed Hawkins’ opponent in the GOP primary this spring, Lee Bright, for a state senate seat in Spartanburg.
Information from tax forms belonging to 3.6 million people who filed state returns since 1998 were stolen by overseas hackers in September using state-approved credentials to enter the revenue department system. They also took 387,000 credit-card numbers. Almost all of the data was unencrypted.
“This is like a cyber-hurricane and it a category five,” Hawkins said.
The suit claims the state could have done more to protect taxpayers’ information and waited too long to notify the public of the breach -- violations of a state law to protect consumers from identity theft.
South Carolina revealed the hack on Friday, 16 days after the Secret Service informed the state of the breach. Authorities said they delayed telling the public to close the security gap and try to catch the hacker.
“This is causing a lot of unnecessary worry and heartache across South Carolina,” Hawkins said.
The governor and revenue director should stop saying nothing could have prevented the breach, Hawkins said.
“They should say what we did right and what we did wrong and not blame a Russian syndicate,” he said.
Haley, Etter and SLED chief Mark Keel are scheduled to give an update on the breach later today.