SCDOR Refused Cyber Security Aid
SO MUCH FOR THE WHOLE “NOTHING COULD HAVE BEEN DONE” EXCUSE
S.C. Gov. Nikki Haley claims that “nothing could have been done” to prevent an unprecedented security breach at the S.C. Department of Revenue (SCDOR). However, the agency refused to participate in a free network monitoring system provided by the state’s chief information officer.
It’s the latest example of how millions of dollars in cyber security tools and training paid for by Palmetto taxpayers went unused – and a direct contradiction of Haley’s prior claim that “there wasn’t anything where anyone in state government could have done anything to avoid” the breach.
Haley – who oversees SCDOR and has been pushing for expanded control over other state agencies – has yet to take responsibility for the egregious lapse in security or explain to the public why tighter security measures were not in place (including those utilized by virtually every other state agency).
“The South Carolina Department of Revenue chose to only have part of its network monitored,” reports Jody Barr of WIS TV 10 (NBC – Columbia, S.C.). “The networks SCDOR did not have the state monitor were the ones a foreign hacker stole 3.6 million South Carolina social security numbers from.”
That breach – which began on August 27 – was never detected by the state. In fact, it wasn’t until October 10 – a month-and-a-half after the initial hacking attempt – that the U.S. Secret Service informed state leaders that their network had been penetrated. Amazingly, it took another 10 days after that for SCDOR to implement the enhanced security measures outlined above – and another week after that before Haley informed the public of the breach.
In addition to the Social Security numbers, nearly 400,000 credit and debit cards and tax information for up to 650,000 businesses were also lifted by the hackers – who are believed to be connected to an Eastern European crime syndicate.
Haley has been roundly criticized for her handling of the breach, including numerous inconsistencies and outright lies included in statements she has made to the press. Haley will also miss an upcoming cyber security panel – scheduled by S.C. Treasurer Curtis Loftis prior to the breach – due to her political schedule.
Haley’s administration experienced another major security lapse less than six months ago when nearly a quarter of a million Medicare records were improperly lifted from the S.C. Department of Health and Human Services (SCDHHS).
In response to the latest lapse, the state is spending $12 million to provide a year of free credit monitoring from Experian – but that decision is now being questioned on the basis of cost and security concerns.