October 29, 2012

Mr. James Etter
South Carolina Department of Revenue
301 Gervais Street
Columbia, S.C. 29214

Dear Mr. Etter,

As you know, many citizens of our state have questions about the recent breach of security at the SC Department of Revenue. We are among them. As elected representatives of the people of South Carolina, we are very concerned for the safety of their identities. There remain important questions, which have not been answered. South Carolina must ensure that the nature of this breach is fully understood and corrective measures are taken. To that end, we ask you to answer all of the questions. Please advise if you cannot complete by this Wednesday at noon.

Do we know that data was actually transferred out of the system or was the system simply breached?

What types of data were compromised- the full tax return? Social security numbers? addresses? charitable contributions? W2 information? or other information?

Why were any credit card numbers kept in an unencrypted format?

To what degree was the breach the result of poor procedural, security control versus human error?

Why was this data kept in a way that was accessible to the internet?

What security audits were performed on these systems during the past two years?

Have children’s SSNs also been compromised and what steps should parents take to ensure that their IDs are protected?

What is the state willing to do beyond the year of (free) ID protection to protect the IDs of children, vulnerable adults and others who have been compromised and may not be able to afford ID protection after the year expires?

Please provide us with a copy of SCDOR’s information security standards and policy.

Please describe the time line of when and how SCDOR learned about the breach, steps that were taken, and when any other entities were notified of the breach?

Please explain how much time passed between the time SCDOR was notified of the breach and the time the public was notified?

Please provide an estimate of how much money the state will expend to deal with this breach and its aftermath?

Thanks so much for your prompt attention to this matter.

Very truly,


Senator Brad Hutto
Senator Vincent Sheheen
Representative James Smith
Representative Mia Butler Garrick

Cc. The Honorable Nikki Haley.


Editor’s Note: The above communication is a news release that does not necessarily reflect the editorial position of To submit your letter, news release, email blast, media advisory or issues statement for publication, click here).