Haley: As many as 657K businesses' records exposed in hack
COLUMBIA, S.C. (WCIV) - In the third press conference in as many days on the revenue department hacking case, South Carolina's governor said Wednesday as many as 657,000 businesses' records were taken during the security breach.
Gov. Nikki Haley said a new website - www.dandb.com/SC -- was being set up by Dun & Bradstreet Credibility Corporation that would allow businesses to sign up for credit protection. Businesses can also call 800-279-9881 to get coverage as well, she said.
The website and phone number will be accessible at 8 a.m. Friday, she said.
Dun & Bradstreet Credibility Corp. is offering its services for free, Haley added. Businesses that register will have credit monitoring for the life of the business.
"Any business customers with debit or credit cards used with the IRS or the DOR, the banks will change them for free," she said, urging people and businesses to seek protection.
According to Haley, the information taken from businesses is already publicly accessible, but she said that registering is the best move for businesses.
"(Dun & Bradstreet Credibility Corp.) opened the page just to help us. As long as businesses file, they will help," she said.
Haley said Sen. Lindsey Graham is also working with businesses that want to change their Employer Identification Number.
So far, 620,000 private residents have called the protection hotline and 418,000 people have signed up for the services provided by Experian. Haley added that she will be asking each of her cabinet members what they are doing to reach people and get them enrolled in Experian.
Moments after the press conference ended, Speaker Bobby Harrell issued an email informing people of the credit monitoring services being offered.
"Now is not the time to point blame, but time to make sure all South Carolinians' identities are protected," the email read.
"We are going to make sure that if they access an agency, this information will be given to them so we can get as many people signed up as possible," Haley said.
She said signing up is ultimately an issue of personal responsibility.
She said the Secret Service-recommended security agency Mandiant is comparing files from the hacked batch to files on the system to see who and what information was actually accessed, but added it could take a while to know.
"It could take months to find out who is in that batch," Haley said.
Department of Revenue Director Jim Etter echoed that sentiment: "it takes a long time to match what was extracted from our system with what is there."
But Etter did say the department is looking at ways to change its record-keeping, saying the state currently maintains 15 years of records.
"We're trying to see if we can shorten that to 10 (years)," he said.
When asked about the cost of Experian's services, Haley was confident. "I have no doubt the legislature will find this money," she said.
While Mandiant pores over files comparing the stolen information to the original database and Secret Service and the State Law Enforcement Division conduct the investigation, the question of who seems to be one that will only be answered in the uncertain future. Haley said the investigation has turned up nothing new about the hacker.
While the revenue department and Haley's administration try to tackle the problem head on and provide daily updates on progress, she and Department of Revenue Director Jim Etter were named in a class action lawsuit.
The lawsuit was filed by John Hawkins, a former state Senator from Spartanburg, who called the security breach a "cyber hurricane."
Hawkins said Wednesday in a release that he was filing the suit because Etter and Haley did not take timely steps in notifying the public of the security breach. He said the actions of state officials violated state law.
"There is a trial lawyer with a hand out and a tissue ready at any crisis," Haley said of the lawsuit.
However, SLED Chief Mark Keel has maintained since the breach was first announced last Friday that it was in the best interest of the investigation to hold back on releasing the information as soon as they learned of it.
"As we get information, we will pass it on immediately," Haley said. "This has been a frustrating experience for me."