Soon after the public learned hackers had swiped taxpayer information from the S.C. Department of Revenue, rumors circulated that authorities had paid a ransom to retrieve the stolen data from overseas.
A state senator decided Wednesday he wanted an answer before the state Legislature decides whether to spend millions more this year to protect South Carolinians from being defrauded.
“If a ransom has been paid for stolen materials and those materials have been recovered, then this money can only be part of a cover-up of the truth that all South Carolinians are entitled to know,” state Sen. Brad Hutto, D-Orangeburg, wrote in a letter to Republican Gov. Nikki Haley.
Haley’s office referred questions to the U.S. Secret Service and State Law Enforcement Division, which have been investigating the theft of information from electronic state tax returns belonging to 6.4 million consumers, their children and businesses.
SLED Chief Mark Keel and Bob Rolin, the Secret Service’s special agent in charge in South Carolina, declined to comment, citing the ongoing investigation.
Rumors that the stolen data were ransomed have continued to circulate over the past eight months, fueled in part by the silence of state and federal law enforcement officials, who have not released updates on their breach investigation.
Hutto took to the Senate floor Wednesday to tell fellow senators that he had sent Haley a letter.
Hutto said his letter to Haley was triggered by phone calls from what he would describe only as reliable sources. Those sources suggested he ask about a ransom as the state prepares to spend $25 million on cyber-security remedies next year. The money would go toward establishing a new state computer security division and continuing credit-fraud prevention.
South Carolina already has paid more than $20 million to resolve what is considered the largest-ever hacking of a U.S. state agency. More than half of that money went to a $12 million emergency contract for Experian to provide credit-fraud monitoring.
Hutto, a critic of the Haley administration, said he does not want the state to spend unnecessarily for fraud protection when the money could be used for other needs, such as education.
Hutto and others said there have been no reports that the stolen information has been used. That could mean a ransom was paid, Hutto said.
Identity-theft experts, however, say crooks could wait years to misuse stolen financial data.
Hutto said he does not think state money was used to pay the hackers, but federal authorities led the data-rescue efforts.
“I understand why the question might not have been answered in October (when the breach was revealed) because the investigation truly was ongoing,” Hutto said in an interview. “But, at this point and time, we probably know — to the best we’re going to know — what happened.”
State Sen. Kevin Bryant, a Republican from Anderson who chairs a Senate committee that investigated the hacking, said he was asked by authorities not to repeat that a ransom may have been offered to recover the stolen data. Even if a ransom was paid, hacking victims remain vulnerable, Bryant said.
“I don’t see the wisdom in paying ransom to someone who’s stolen from you (and) who’s probably sold this file to 10, 15 different cyber-criminals,” Bryant said. “If he was smart, he would come in next year and say, ‘Hey, I found a second copy. Could you give me another X amount of dollars?’ ”
House Majority Leader Bruce Bannister, a Greenville Republican who headed a House committee on the breach, said law enforcement and Revenue Department officials were hopeful the hacker was identified fast enough to keep the information contained.
Bannister was not sure if the data were seized or the hacker was arrested. He said he does not know if a ransom was paid.
State authorities monitoring identity-theft cases since the hacking have not found any links to the stolen tax information, Bannister said. “There is still hope, long-term, that people’s identity will not be stolen as result of that breach.”
Hackers accessed the Revenue Department’s computers after an employee clicked on an email link that released a malicious software program. Hackers were able to collect employee passwords and download information in September from state tax returns filed electronically dating back to 1998.
The theft was discovered a month later by the Secret Service. The public was not told of the theft for another 16 days while authorities said they were investigating the breach.
One day, 9 issues
The General Assembly has only one day left — today — in the first year of its current two-year legislative session. Lawmakers have until 5 p.m. Thursday to pass bills. Anything that has not passed both bodies by that time will have to wait until lawmakers return to Columbia in January for consideration. A look at the status of some key issues:
Budget: Competing $22.7 billion spending plans have passed the House and Senate. Now, leaders hope to work out a compromise, possibly working this weekend, so they can send a budget to Gov. Nikki Haley.
Cyber-security: A bill to create a computer-security division, after the massive breach at the state Revenue Department, passed the Senate but failed in a House panel. The House and Senate each budgeted $25 million for hacking remedies.
Department of Administration: The House and Senate have passed different versions of a bill to create a new department. A conference committee, made up of lawmakers from both bodies, met Wednesday but took no action. A compromise still is possible when legislators return for a special session later this month.
Education reform: Senate bills to create a statewide reading initiative and expand 4-year-old kindergarten are still in committee and will not pass this year. However, lawmakers could yet include in the budget money to expand 4-year-old kindergarten and create summer reading camps.
Ethics: The House has passed a bill overhauling state ethics laws. But the Senate Judiciary Committee changed it. The full Senate was debating the proposal Wednesday night. (See story on Page B1.)
Jobs: The Legislature passed, and Gov. Haley approved, borrowing $120 million for Boeing to expand its North Charleston plant. The Senate is deliberating several tax incentives for businesses, including an “angel” investor bill, and tax credits for port cargo and jobs retraining.
Medicaid expansion: The Legislature’s GOP majority refused to expand Medicaid, which provides health insurance to the poor and disabled. Instead, they endorsed a plan — in the budget — to give more money to free and subsidized medical clinics, and encourage hospitals to steer uninsured patients out of emergency rooms and into those clinics.
Repairing state roads and bridges: The budget includes an extra $50 million a year for the State Infrastructure Bank to use to borrow up to $500 million to repair roads and bridges. A Senate proposal to borrow $1.3 billion and raise several fees, including the gas tax, has stalled and will not be considered this year.
School safety: A Senate bill that would put an armed police officer in every school has bipartisan support but is on hold until next year as lawmakers deal with other budget priorities.