The successful hacking of the S.C. Department of Revenue (SCDOR) is the biggest disaster of Gov. Nikki Haley’s administration – but it is also the biggest mystery.

More than a month after the fact, no one knows what really happened … except that 3.8 million Social Security numbers, 3.3 million bank account numbers, tax info for more than 650,000 businesses and nearly 400,000 credit and debit card numbers were stolen (information which is now being sold on the black market).

According to Haley’s administration, thieves were able to access the system using information obtained from an unsuspecting employee  – who apparently clicked on the wrong email.  But as has been meticulously documented throughout this process taxpayers can’t trust anything that Haley says – because almost everything she has told the public about the unprecedented state-level breach has been false.

Haley initially claimed that “there wasn’t anything where anyone in state government could have done anything” to stop the breach – and that the Palmetto State used “industry standard” data security methods.  Both of those claims turned out to be completely false – as a simple $25,000 expense could have prevented the breach (which will wind up costing taxpayers hundreds of millions of dollars).

But who perpetrated the heist?  Initially, Haley’s administration told legislative leaders that the hack was the work of an Eastern European criminal organization.

But is that accurate?

Sources within the S.C. Department of Revenue are telling FITS that the real culprit may have been much closer to home.

“The problem emanated from a contract worker whose firm was hired to assist DOR in computer programming and who saw an opportunity to make some big money,” a source tells FITS.

Not only that, according to our source “SLED was onto (the suspect) long before” the hack was publicly disclosed.

“They were investigating the internal suspect,” our source says, referring to the S.C. State Law Enforcement Division (SLED).

The sources declined to speculate on whether the “internal suspect” was Mike Garon, the former Revenue Department official whose firing was reportedly exclusively by FITS less than 24 hours prior to Haley informing the public about the breach.  SCDOR officials have repeatedly denied that Garon’s firing had anything to do with the scandal – however he did oversee the agency’s cybersecurity during the breach.

On that count, our sources say that SCDOR staffers “warned Garon over a year ago that they had a vulnerability in the system and that it needed to be addressed.”

Unfortunately Garon is said to have “ignored (the) advice.”

What’s clear at this point is that the security breach at SCDOR was completely preventable – and that our state’s leaders have yet to shoot us straight regarding precisely what happened.