Haley: 'This issue could not have been avoided'
By Eric Eganeegan@abcnews4.com
COLUMBIA, SC (WCIV) -- People across the state want answers after state officials say European hackers gained access to tax records from the Department of Revenue, dating back to 1998. Credit card and social security information, for millions, was compromised.
The governor and chief of the South Carolina Law Enforcement Division tried to explain Monday morning what they're doing to protect taxpayers. They did little to explain what allowed hackers to access the private information of 3.6 million people.
"This wasn't an issue where anyone in the agency could have avoided it," said Governor Nikki Haley. "This wasn't an issue where anyone in state government could have done something to avoid it."
Monday morning, Haley said no one can be completely safe from internet hackers, including the state's Department of Revenue. Earlier this month, nearly 400,000 credit card numbers and 3.6 million social security numbers were compromised.
"The industry standard is that most social security numbers are not encrypted, a lot of banks don't encrypt, a lot of the agencies that you think might encrypt social security numbers actually don't," Haley said. "It's not something you think about, are we are talking about it now, yes."
The state waited more than two weeks before going public with the security breach.
"I said it on Friday and I'll say it again today, the timing of notifying the public and making this public was dictated by law enforcement," said Chief of SLED, Mark Keel. "We were trying the best we could to try and protect this information, as much as we possibly could."
Haley says they will now do everything they can to protect the people. The state is offering fraud protection through the company Experian. South Carolinians can register for the service online or by phone. It provides $1 million of insurance, for just one year. Though the governor says it is retroactive.
"While people are waiting, what they need to know is this is retroactive. There is nothing from the time that this would've started, until now, that you are not protected," said Haley.
To this point analysts who've weighed in say the leak may have been caused by human error or software vulnerability. The state will foot the cost of the identity protection, but that number depends on how many people sign up.
To enroll in the free identity protection, call 1-866-578-5422 or visit protectmyid.com/scdor and use the code SCDOR-123.
You will be eligible to apply for the credit monitoring until January 31, 2013.