STATE TREASURER HOSTING FORUM IN WAKE OF REVENUE DEPARTMENT BREACH
In the wake of an unprecedented breach of the Palmetto State’s cyber security apparatus, S.C. State Treasurer Curtis Loftis is convening a panel of experts later this month in an effort to batten down the hatches and keep public information better protected.
Loftis was organizing the confab prior to the massive breach at the S.C. Department of Revenue (SCDOR), but the event has suddenly taken on an added sense of urgency.
In what appears to be the worst case of state-level hacking ever perpetrated, more than 3.6 million Social Security numbers, nearly 400,000 debit and credit card numbers and tax information for as many as 650,000 businesses were obtained by hackers from the S.C. Department of Revenue (SCDOR). South Carolina officials never detected the breach – which began on August 27. Informed by the U.S. Secret Service on October 10 that the state’s system had been compromised, S.C. Gov. Nikki Haley waited sixteen days to tell the public about it – and has been busted in numerous inconsistencies and outright lies in the days since her administration decided to go public with the news.
Hopefully Loftis can bring some adult supervision to this situation … because it sorely needs it.
“The criminals only need to be right once in order to create havoc as we’ve recently seen,” Loftis said. “It is vital to bring local and state agencies together along with industry experts to examine security practices with the goal of making all levels of South Carolina government more secure.”
Indeed … especially since our taxpayers have already shelled out tens of millions of dollars on the cyber security system that failed so spectacularly to secure our information in this case (and in another data breach back in April).
So will Haley – whose administration has botched virtually every facet of this crisis – attend Loftis’ seminar? Of course not … the governor will be out of state touting her so-called “limited government” credentials.
***
25 comments
In other news, Curtis Loftis intends to unseat Nikki in the Republican primary, and he’ll win in a landslide.
Where is the “Like” button?
Ouch. That’s what it looks like, now isn’t it?
Finally. something constructive besides duck, dodge, blame, lie and lawyer up.
Ooooh, this is gonna piss off Miss Nikki.
Curtis has been a champion fighting government waste, fraud and abuse since his first day in office.
Hell, we don’t stop hearing about the pension fund and the many problems over there. He seems to be the only elected official who gives a damn.
With a little hard work, much can be done. Here’s to hoping the rest of our government leaders are taking notes.
Loftis only cares about himself. If he is so concerned about government waste, how doed he justify his state paid campaign staff. The man is a tool.
I went to the Treasurer’s ID theft seminar at College of Charleston and I learned a great deal. I immediately put a credit freeze on myself and so right now I am feeling good about life.
Everyone should do that and for some crazy reason SC has laws passed where it is free. The Legislature is to be thanked for that.
I’m surprised no one has mentioned (at least I haven’t seen in) the fact that so much of the state’s IT infrastructure is fractured into many small fiefdoms across agencies and departments. One might assume that the state Division of State Information Technology (formerlly called the State CIO’s office) would provide centralized IT services across all agencies and departments. And in fact they do offer such services, by reading their website. But more than anything, I believe DSIT is clearinghouse for negotiating service contracts and IT procurement. Has anyone read anything regarding DSIT in relation to this event? Why not? October is CyberSecurity month, after all, according to the DSIT website.
Why is this important? Well, for one, it probably means that your personal data is stored in many different systems operated by many different agencies, all in different formats, providing many targets for IT security incidents. It also means we’re paying for IT staff and systems across many agencies, and I’m sure some do a better job at protecting data than others.
Why doesn’t the state run a single IT “cloud” with email, data storage, Virtual servers, web hosting, disaster recovery, business continuity, etc for all agencies? The state CIO, who should know better about things like IT security, could be held accountable for such events like this, rather than watch these painfully awkward pressers with the Gov, SLED and old man Etter trying to explain nitty-gritty IT issues.
I guess it’s like anything else in SC – the GA wants to share the love and pay for redundant services for all agencies, and screw the tax payers.
The Division of State Information Technology is the location for the Departtment of Revenue servers and databases. Looks like they did a great job providing security for them.
@Upstater
That has been the norm for years. Hell, in the early 1990s, LAC put together a pretty decent report on the THEN state of Information Technology in South Carolina. It’s “nice” to know that IT is just as disjointed today as it was nearly 20 years ago.
That fancy State Disaster Recovery Data Center off of Broad River Road – by SLED – as I understand still does not have all of the state agencies participating by housing their DR/HA systems there (unless that has changed in the last few years).
Business Continuity Plan? What’s that?
I hate to say it, but to fix the state of IT would require a cabinet-level CIO position with unilateral authority and some fairly deep pockets. Keep the penny-pinchers and accountants away please. You can never save money on proper IT. You either pay for it now IN FULL or pay for it later … 10x OVER. Oh, and it’s a recurring cost in fairly sizable amounts in 18-36 month intervals if executed correctly.
Above all else … IT is not a burden. It is a partner in accomplishing the jobs and tasks at hand in the most efficient and compliant ways possible.
The worst part about all of this: DoR has/had some of the highest-paid IT contract resources (read: private sector employees contracted to work for DoR in lieu of hiring a full-time employee). The hourly bill rate was highly competitive with the private sector – competitive enough to draw resources from larger markets (ATL/CHA).
– SSHM
Well, how about that. Someone did think about fracturization of the IT systems in SC – the AP just published an article about it.
http://www.goupstate.com/article/20121101/WIRE/211021015/1083/ARTICLES?Title=Fallout-from-data-breach-could-lead-to-centralizing-computer-operations
As I suspected, SCDOR does not avail itself of the resources of the State DSIT. That’s too bad. Will – that big Cybersecurity grant you talk about probably never touched SC DOR’s IT systems.
Well, maybe some of that will change. I know IT is a bit of a stretch for our mouth breathing Senators and Reps to consider, but maybe they can use this to streamline some IT services in the state. I have to believe that will improve service and security, and also save some money.
Grandstanding a little, Curtis??
That’s all he knows how to do. The man is a self centered tool of Howie Rich.
Grandstanding? He was on the radio today and was so respectful of the Governor I thought they must be best friends.
WHO CARES IF CURTIS LOFTIS WANTS THE GLORY, AS LONG AS HE FIXES THE PROBLEMS, HE DESERVES THE GLORY. I BET YOU DON’T UNDERSTAND THE PROBLEM OR HOW TO FIX IT. Just accept your limitations and thank GOD we have one person who can fix it.
What about notifying the individuals who were affected? Silence! Sending out millions of letters would be political suicide. Keeping people guessing will keep the backlash down. If they got actual confirmation the outrage level goes up.
Businesses in private enterprise are required by law to notify individuals if they have a breach of sensitive information. But hey this is the SC State Government. Where is the outrage? Where is the accountability? Where is the transparency?
Accountability? Transparency? How much of either have you seen in the last 2 1/2 years?
Outrage? Why waste energy? The dinks who run our government couldn’t find a pile of horseshit in a stable. Any expectation that they will do right by the people is silliness.
The State Treasurers forum has been scheduled for over a month. planning began in early September.
Loftis had a statwide program about identy theft and credit risk in September.
All of this was done BEFORE the cyber hacking. it is good government not politics .
I am a lifelong Democrat and I hate to admit this but Loftis is the best statewide official I ever worked against in my 28 years of sticking it to the GOP bastards! Next cycle he has my vote and I don’t care who runs against him.
Here is a thought….Let’s put the DOR under the State Treasurer’s authority…
What about Mikey? Doesn’t he need something to do other than carry Nikki’s purse? Let him be in charge – he needs to be busy.
Curtis is the man! Thank goodness South Carolina has Curtis Loftis as state Treasurer. He will make and outstanding governor.
How many of these posts are from Curtis? I always get a kick out of the outpouring of organic support that seems come out with each post.
Told by my bank officer that the “hacking” is coming from the middle east. Pakistan?
I heard Russia.