FRESH INFORMATION, INTRIGUE RELATED TO PALMETTO STATE’S MASSIVE SECURITY BREACH
One day before S.C. Gov. Nikki Haley belatedly informed the people of South Carolina about the biggest security breach in state history, FITS reported on the termination of a high level staffer at the S.C. Department of Revenue (SCDOR) – the agency that coughed up 3.6 million Social Security numbers, nearly 400,000 credit and debit card numbers and untold other information to hackers allegedly associated with a sophisticated Eastern European crime ring.
But is the forced resignation of SCDOR chief information officer Mike Garon – first reported in one of our “wire” posts - somehow connected to this unprecedented breach?
More to the point … is Garon the “inside man?” Meaning were his credentials used by the hackers as part of their plot to gain access to this information?
SCDOR officials are denying any like between Garon and the breach, according to WLTX TV 19 (Columbia, S.C. – CBS). Also information from our sources suggests that Garon – who made more than $108,000 a year (not counting benefits) – was fired as a result of his connection to an unrelated scandal.
According to our tipster, Garon was “escorted out of his job and the building at the (S.C.) Department of Revenue” on September 26 – about two weeks before the breach was detected the agency.
Why was he sacked? In a follow-up email, our source alleges that Garon was part of a corrupt ring of bureaucrats that was profiting from the awarding of information technology contracts to specific vendors. This scam – which dates back several years – was first unearthed about eighteen months ago, at which point an internal SCDOR investigation into Garon’s activities was launched.
“In the most corrupt agencies, these guys just bought the business, but in no agency was it worse than (SCDOR),” our source says.
We’re not ruling out a possible connection between Garon and the massive breach – and it’s obviously impossible to trust anything the Haley administration says – but at this point there’s nothing to suggest that the disgraced bureaucrat was connected to the hacking operation.
We’re continuing to dig on Garon, though, and will be sure to let our readers know what we’re able to uncover.
In the meantime, it’s starting to look like this could just be the beginning of SCDOR’s internal problems …
(And no, we’re not just referring to the fact that two SCDOR employees have been fired in recent weeks for masturbating in public).
Another SCDOR staffer feeling the heat is deputy director Harry Cooper – who has been accused by agency employees of skimping on security measures.
“(Cooper) gave the approval to reduce costs by reducing the level of cyber security at the SCDOR,” one agency source tells FITS. “Sure, he relied on the recommendation of his chief IT people, but it was his final decision.”
Wait a minute … SCDOR received $67.5 million in the current state budget, which is $4.5 million more than it received a year ago.
Why, then, would it need to “reduce costs” – particularly costs related to cyber security? Or is the protection of information that South Carolina residents are required to submit to the state not a core function of government?
S.C. Gov. Nikki Haley – whose administration is responsible for SCDOR – has claimed that nothing could have been done to stop the breach. However in the same breath she admitted that there were “holes” in the system that have since been filled.
Take a listen …
(Click to play)
So which is it, governor?
In addition to this inconsistency, Haley’s claims that South Carolina followed “industry standards” for protecting citizens’ sensitive information have also been debunked.