Nikki Haley’s Data Breach Claims Debunked
GOVERNOR REBUKED BY INDUSTRY EXPERTS
S.C. Gov. Nikki Haley’s public statements in the wake of an unprecedented security breach at the South Carolina Department of Revenue (SCDOR) are being challenged by industry experts.
“The governor’s comments reflect unawareness of data security practices and are not at all reassuring,” network security Avivah Litan told Computer World.
Litan was referring to Haley’s claim that South Carolina was following “industry standard” practices when it failed to encrypt Social Security data that was stolen earlier this year by hackers presumed to be affiliated with an Eastern European crime syndicate. Beginning on August 27, more than 3.6 million Social Security numbers and nearly 400,000 credit and debit card numbers were stolen from the agency. Additional data – including individual tax return records – may have also been stolen, although Haley’s administration isn’t sure of the extent of the damage.
“To tell you (that) now would be guessing,” Haley told reporters this week.
How reassuring …
The breach at SCDOR was not discovered until October 10 and the public was not notified that its data had been stolen until October 26 – inexcusable delays given the sensitivity of the data involved.
Earlier this week, Haley claimed that nothing could have been done to stop the hackers – but she later admitted that “holes” in the state’s cyber security system had been filled in the wake of the successful penetration.
So which is it, governor?
In addition to avoiding this fundamental question, Haley also has yet to answer a host of interrogatories submitted by Democratic lawmakers regarding the breach … including an estimated price tag for the identity theft protection it is now having to provide (not to mention all the extra SCDOR workers hired to handle the flood of phone calls pouring in from nervous Palmetto State residents).