Latest On Hack: State Sued, Businesses to Be Protected
State has partnered with Dun & Bradstreet to protect companies that have been or may be victimized by hack.
UPDATED 1:12 P.M. Thursday - to include information about capped payouts from state agencies.*
In the fourth press conference since it was announced that the South Carolina Department of Revenue's (DOR) records had been breached, Gov. Nikki Haley announced a partnership between the state and Dun & Bradstreet, a business credit reporting agency.
Haley also dismissed the merits of a class action lawsuit by Spartanburg attorney John Hawkins, filed as a result of the breach (see attached document).
She called the suit "nothing more than a lawyer with a handout."
Hawkins ran for State Senate in District 10 earlier this year, but lost to incumbent Lee Bright, who was endorsed by Haley.
Even if the lawsuit were successful, the Associated Press reports that payouts from a suit against a state agency are capped at $600,000.*
As far as the breach itself, information continues to become available on a daily basis and Haley said she plans to continue providing updates to the public as she sees fit.
During testimony yesterday before the Senate Finance Committee, DOR Director Jim Etter said that some businesses may have had their information compromised by the same computer hacker who is believed to have accessed 3.6 million personal records.
Shortly after the hacking was announced last Friday, Haley said that individuals will receive free credit protection for a year from Experion. On Wednesday, she announced that Dun & Bradstreet will provide the same service to businesses. Experion may end up billing the state $12 million, while Dun & Bradstreet is not charging the state. It's not known how many businesses were affected by the breach, but Haley said the number could be as high as 657,000.
Starting on Friday at 8 a.m., businesses can sign up at DandB.com/sc or by calling 800-279-9881.
Haley said that so far more than 600,000 individuals have visited the Experion site and more than 418,000 have signed up for the credit monitoring service.
The governor also said she will meet with her Cabinet on Thursday to find more ways to reach the public regarding the breach. One of the primary criticisms by senators at the Finance Committee hearing was that the DOR had not been more aggressive in notifying and working with potential victims.
During the Finance Committee hearing, Sen. Phil Leventis (D - Sumter) wondered if anyone would lose their job over the breach. Haley told reporters on Wednesday that no one would be fired because of the crisis, saying that nothing could have been done to prevent it.
Individuals seeking credit protection should contact: 866-578-5422 or protectmyid.com/scdor and enter the passcode scdor123.
rb
7:26 pm on Wednesday, October 31, 2012
So...our Governor will provide updates to the public as she sees fit. She's treating us like mushrooms...keeping us in the dark and feeding us feces.
Shawn Drury
11:15 pm on Wednesday, October 31, 2012
RB, I wouldn't necessarily take that the wrong way. The governor and her staff have made a point of communicating with the media as much as possible since the crisis arose.
-Shawn
Cookies Mom
7:34 pm on Wednesday, October 31, 2012
"Nothing could ave been done to prevent it" is about the stupidest statement yet by Haley, but is her typical cover my butt type of statement. The same state government that has plenty of money for beach renourishment and other pork barrel projects has no money to bring itself and its' computer software into the 21st century. How come millions of businesses across the globe can and do encrypt social security numbers and credit card numbers but the SCDOR did not????????? Because our backwards state government has not bothered with software updates since computers operated with punch cards!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tom Utley
9:06 am on Thursday, November 1, 2012
Because there are no consequences when the government fails. No consequences to them, at least.
Marlene
7:05 am on Friday, November 2, 2012
And checking account numbers........
Deborah Bagley
10:15 pm on Wednesday, October 31, 2012
RB and Cookies Mom, I found both of those statements offensive. Does she honestly believe we're as stupid and she is? I'm glad to see Mr. Hawkins file this class action lawsuit. I will be getting in on that one. I also believe that Haley needs to be impeached. In just shy of 2 years she's managed to make a big mess of this state. We certainly don't need any more errors in her judgement...it's costing us too much.
Kathryn Smith East
10:48 pm on Wednesday, October 31, 2012
So I guess a 'secure' site is not really secure. :/
Addison
7:06 am on Thursday, November 1, 2012
Not in SC. Noted that none of the other States suffered a similar breach, probably because our secure site is managed by the people who couldn't have done anything about it. So we aren't firing them for what they don't know, what they didn't anticipate and seek outside help or for performance in the "Bottom 1 State" category in data security. Whew! Boggles the mind.
Addison
6:59 am on Thursday, November 1, 2012
Two problems with her statements. First, the class action suit is appropriate because the State abandons all of the citizens after one year, but your SSN, full name and address are still floating around cyberspace and will forever. Two years from now, someone can use that information to begin stealing your identity and there won't be anything in their way because the State pulled out.
The second problem is saying that no one would be fired because nothing could have been done to prevent it. Anyone who has ever worked with IT knows that statement to be patently false. If someone got in, then someone left the door open. Had she said that the knowledge required to prevent it wasn't available because the management didn't think to bring in experts to evaluate the security, I would have felt better and we would have known who to fire. Successful people in the IT world live by the slogan, "Know what you don't know." We obviously have a less than capable IT management and security group and we will continue to have breaches until we get a new group in who knows what they need outside help for. You may have also noticed that none of the other 49 States were breached by these people. I wonder how they were able to prevent the attack that we "couldn't possibly have foreseen?"
Frank Dougherty
8:41 pm on Friday, January 4, 2013
Just wanted to say I appreciate your comments; they are right on the money. I understand there is an opening as director of the DOR--of course you would be working under the Governor (so to speak.)
Jamie Healy
7:34 am on Thursday, November 1, 2012
I heard on the radio that everyone in the state is being offered the free one year of credit protection. However, if you were one of the individuals whose information was undoubtedly leaked, you will receive free credit protection for life. That said, information only being distributed as it is seen fit is going to create paranoia. It would be nice to know how those who were definitely affected will be notified, and when they could expect to receive notification. Then we could all stop worrying so much, and when the date has come and gone, feel a little relief.
Addison
9:13 am on Thursday, November 1, 2012
I have not seen anything that discusses free coverage for life and, in fact, the news reports have been explicit in coverage being ended in one year with nothing further after that time. Obviously if your statement were correct, there would be no basis for the suit. Can you provide a reference to the source?
Geneva Lawrence
9:51 am on Thursday, November 1, 2012
I heard that Jamie, but am unable to remember where. I also heard that of the credit cards, all were encrypted except 5000 expired ones. There is the problem, an official statement, telling all the details, needs to be issued by the governor's office. It seems every news channel has a different take and so how do we know what is true or not. We don't need all the "excuse garbage", just a statement on the facts.
Shawn Drury
10:45 am on Thursday, November 1, 2012
Two things:
First, once you sign up for the monitoring service you get a couple of things. One, your credit report is actively monitored for a year. If something changes you get notified. Two, you get $1 million in identity theft insurance. That's explained here ---->http://www.protectmyid.com/million-dollar-insurance/
Also, maybe an attorney can help out on this...but if taxpayers sue the state they live in, wouldn't they be paying themselves if they won? Seems like nothing more than a publicity stunt. Maybe I'm wrong.
Mike N.
7:53 am on Thursday, November 1, 2012
Re: Lawsuit - all taxpayers become plaintiffs: we are in effect suing ourselves. In what planet does that make sense? In the Lawyer's Planet, that's where!
Proud Conservative Woman
8:52 am on Thursday, November 1, 2012
You are absolutely right, Mike N. Would these same people be suing their credit card companies, banks, etc., anywhere else their SSN's have been compromised?? And we all know they have been, so take responsibility and protect yourself as much as you can with products like LifeLock, etc. They aren't perfect either, but do SOMETHING for yourself, instead of constantly blaming others and looking for handouts. Only the lawyers win big in class action lawsuits.
Addison
9:17 am on Thursday, November 1, 2012
There are two avenues for reslving problems with the government. The first is time consuming and not certain, which is to elect officials who will do the right thing when in office. The second is faster and more certain, which is to avail ourselves of the constitutional remedy provided by the courts. Following your logic and PCW's, no one is responsible for their actions, which sounds liberal, not conservative. It doesn't come both ways. We either use the remedies available to us or we allow people (or institutions) to do as they please without responsibility.
Mike N.
6:10 pm on Thursday, November 1, 2012
>Addison: It's not that no one is responsible - the corrective actions should be to fire or move employees if they are found to be negligent. If Haley is at fault, sue her.
We don't know how sophisticated the attack was yet, but hackers are eventually able to get into any system that is not on a completely isolated network. None of the most secure industry standard recommendations call for an isolated network, so it's possible that no one is at fault - we are a victim of an advanced hacking group.
A mass action lawsuit benefits only lawyers, and taxpayers are on the hook for their bill.
Jamie Healy
9:39 am on Thursday, November 1, 2012
Addison, I'm pretty certain it was mentioned on 96.9 two evenings ago. I don't think I've changed my radio station since then since I don't drive far and generally don't even have it on - and that's the station that was on this morning in my vehicle.
Jerry Stevens
1:04 pm on Thursday, November 1, 2012
"Haley told reporters on Wednesday that no one would be fired because of the crisis, saying that nothing could have been done to prevent it."
It would have been a mistake to fire anyone without a complete independent investigation, but preempting that possibility by a shoot-from-the-hip assessment of the situation was a mistake too.
Shawn Drury
1:16 pm on Thursday, November 1, 2012
This story has been updated to include information about payouts from state agencies.
Marlene
7:00 am on Friday, November 2, 2012
The "State" Makes and demands for you to put your info out there, so they get their money faster. However, doesn't protect the businesses that feeds them. I'm pist!!!!!!
Marlene
7:03 am on Friday, November 2, 2012
Everyone needs to close your checking accounts, and reopen...... There is know way around it! No protection against checking accounts.
GunnyHighway
5:07 pm on Friday, November 2, 2012
Industry computer security experts debunk Haley's statements in this article:
http://www.darkreading.com/database-security/167901020/security/news/240012646/lies-we-tell-our-ceos-about-database-security.html
The bottom line is that either she's lying to us on purpose, or she's just plain stupid.
brenda price
8:59 am on Thursday, December 13, 2012
Signed up for the monitoring service and the day this article was published my bank account was hacked for $845 from a company called GUMTREE COM in the UK. Bank is investigating it but will take 10 business days for my money to get back into my account. Well goes to say, my rent has not been paid, nor any bills for this month. Emailed Consumer Affairs and they will not respond. So how is this helping.? This is causing a lot of grief in my life and all I see is more money going into the DOR. What about the people that has or will be affected by these hackers? Step up Haley and do better!