Soon after the public learned hackers had swiped taxpayer information from the S.C. Department of Revenue, rumors circulated that authorities had paid a ransom to retrieve the stolen data from overseas.
A state senator decided Wednesday he wanted an answer before the state Legislature decides whether to spend millions more this year to protect South Carolinians from being defrauded.
“If a ransom has been paid for stolen materials and those materials have been recovered, then this money can only be part of a cover-up of the truth that all South Carolinians are entitled to know,” state Sen. Brad Hutto, D-Orangeburg, wrote in a letter to Republican Gov. Nikki Haley.
Haley’s office referred questions to the U.S. Secret Service and State Law Enforcement Division, which have been investigating the theft of information from electronic state tax returns belonging to 6.4 million consumers, their children and businesses.
SLED Chief Mark Keel and Bob Rolin, the Secret Service’s special agent in charge in South Carolina, declined to comment, citing the ongoing investigation.
Rumors that the stolen data were ransomed have continued to circulate over the past eight months, fueled in part by the silence of state and federal law enforcement officials, who have not released updates on their breach investigation.
Hutto took to the Senate floor Wednesday to tell fellow senators that he had sent Haley a letter.
Hutto said his letter to Haley was triggered by phone calls from what he would describe only as reliable sources. Those sources suggested he ask about a ransom as the state prepares to spend $25 million on cyber-security remedies next year. The money would go toward establishing a new state computer security division and continuing credit-fraud prevention.
South Carolina already has paid more than $20 million to resolve what is considered the largest-ever hacking of a U.S. state agency. More than half of that money went to a $12 million emergency contract for Experian to provide credit-fraud monitoring.
Hutto, a critic of the Haley administration, said he does not want the state to spend unnecessarily for fraud protection when the money could be used for other needs, such as education.
Hutto and others said there have been no reports that the stolen information has been used. That could mean a ransom was paid, Hutto said.
Identity-theft experts, however, say crooks could wait years to misuse stolen financial data.
Hutto said he does not think state money was used to pay the hackers, but federal authorities led the data-rescue efforts.
“I understand why the question might not have been answered in October (when the breach was revealed) because the investigation truly was ongoing,” Hutto said in an interview. “But, at this point and time, we probably know — to the best we’re going to know — what happened.”
State Sen. Kevin Bryant, a Republican from Anderson who chairs a Senate committee that investigated the hacking, said he was asked by authorities not to repeat that a ransom may have been offered to recover the stolen data. Even if a ransom was paid, hacking victims remain vulnerable, Bryant said.
“I don’t see the wisdom in paying ransom to someone who’s stolen from you (and) who’s probably sold this file to 10, 15 different cyber-criminals,” Bryant said. “If he was smart, he would come in next year and say, ‘Hey, I found a second copy. Could you give me another X amount of dollars?’ ”
House Majority Leader Bruce Bannister, a Greenville Republican who headed a House committee on the breach, said law enforcement and Revenue Department officials were hopeful the hacker was identified fast enough to keep the information contained.
Bannister was not sure if the data were seized or the hacker was arrested. He said he does not know if a ransom was paid.
State authorities monitoring identity-theft cases since the hacking have not found any links to the stolen tax information, Bannister said. “There is still hope, long-term, that people’s identity will not be stolen as result of that breach.”
Hackers accessed the Revenue Department’s computers after an employee clicked on an email link that released a malicious software program. Hackers were able to collect employee passwords and download information in September from state tax returns filed electronically dating back to 1998.
The theft was discovered a month later by the Secret Service. The public was not told of the theft for another 16 days while authorities said they were investigating the breach.
One day, 9 issues
The General Assembly has only one day left — today — in the first year of its current two-year legislative session. Lawmakers have until 5 p.m. Thursday to pass bills. Anything that has not passed both bodies by that time will have to wait until lawmakers return to Columbia in January for consideration. A look at the status of some key issues: