SC HACKED SCANDAL: NOBODY KNOWS NOTHIN’
Ah, South Carolina … where it’s always a “great day” for government incompetence.
Nearly four months after as-yet-unidentified hackers first began making off with reams of sensitive personal data belong to Palmetto State taxpayers, S.C. Gov. Nikki Haley’s administration still has no idea how to keep “#SCHacked” from happening again.
“Nearly two months after publicly disclosing a massive data breach at the South Carolina Department of Revenue, state officials are unsure just what kind of weaknesses exist in state agencies’ cyber security,” reporter Tim Smith of The Greenville News noted. “The State Budget and Control Board — the five-member board that oversees the state’s administrative agency as well as state financial decisions — took the first step to find out Wednesday when it authorized hiring a consultant to craft a bid for a firm to assess the state’s security and develop a statewide cyber security (plan).”
So let’s get this straight … a consultant is crafting a bid to get some other firm to conduct an assessment of the state’s security system so that administration officials can then develop some sort of “plan?”
Jesus … how much is all of this bureaucratic circle jerking going to set us back?
Haley’s Department of Revenue (SCDOR) has already blown through $20 million on its ill-conceived knee jerk reaction to this heist … how much more money will taxpayers be forced to shell out simply to determine what went wrong?
And speaking of a “plan …” what exactly was the “plan” before Haley’s administration coughed up 3.8 million Social Security numbers, 3.3 million bank account numbers, tax info for more than 650,000 businesses and nearly 400,000 credit and debit card numbers to the hackers?
Seriously … isn’t this sort of “plan” precisely the kind of thing state leaders should have developed already using the millions of dollars in cyber security grants our state has received over the years? In fact, shouldn’t such a “plan” have been a priority after Haley’s administration coughed up hundreds of thousands of confidential files back in April?
Unreal …
On both the front and back ends of this disaster, Haley’s administration has delivered an epic fail. For starters, it took an unconscionable 43 days for state leaders to discover that their system had been breached – and even then they never discovered the hack, they had to be alerted to it by federal law enforcement. Now, nearly two months after the breach was announced we’re still not sure we’ve fixed the problem?
That’s the frightening reality South Carolina taxpayers are currently confronted with …
***
24 comments
Where does the $20 million figure come from? Is it assuming that all 3 million plus that were hacked sign up for protection? My understanding is that only 180,000 have done so. Still a cluster fruit but I wonder about the $ amount.
SC agency gets $20 million loan to pay hacking costs:
http://www.thestate.com/2012/12/13/2554349/sc-agency-gets-20-million-loan.html
That is exactly what anyone who has ever dealt with State IT procurement would have predicted.
You can not get pay offs lined up and friends taken care of moving quickly.
Other silos have to be brought along. Other personalities. You have trolls in these other IT departments who have lived in darkness and bull shit for so long, it is hard to say how they might answer a common inquiry. I mean these folks answer to no one.
No one wants to ask the question, “How did this happen and is it still happening in other agencies as we speak” ?
The answer to the later is probably.
Half Man, or who ever monitors this site for the Half Man, the cost will be 250 million.
The good news, you might end up with something that resembles modern IT.
Please name the consultant and ask for TIPS on the crony shit as soon as it is announced.
I can see India from Blossom Street.
NO CLOSE UPS! Jesus how many times do I have to say this? Some one warn me next time for God’s sake.
— still better than the inflatable doll!
Yeah, but the inflatable doll won’t give you an STD.
Aaaaaghhh!! Take that picture down!! Shows crows feet around her mouth, bad complexion, sad face!! Bad lighting!!
Seriously, how do you expect a girl who sold flowers for a living to know anything about cloud computing, man-in-the-middle hacking, database management, or risk analysis?
She sold flowers for a living? Tell more.
The State paid a blanket $12 million for 3.5 million people. Only 180,000 signed up = a pretty good deal for Experian. Plus, you can take their word that everything is OK, but if you want to see it for yourself, it cost $34.95. I would say that Experian (and probably Haley) fell in a barrel of shit and came out smelling like a rose!!!
The close-up picture is a good one of her “I’m a stupid fucking bitch” look… She must go down for her incompetence on this.
The one year deal with Experian doesn’t mean jack shit to you and me. It only allows her to say, “we did something once we knew there was a breach…” We will be dealing with this as long as we are breathing oxygen on planet Earth… I know — I work in this space…
Why don’t we just use the consultants that Harry Cooper has allowed to hang around the DOR for the past 7-8 years? The DOR has paid them more than encryption would have cost and have received absolutely nothing in return.
Better yet, why don’t we let Harry have control of the $20M from the Legislature for this fiasco? Maybe he will blow this money like he did the “Burnie Bucks”. I believe that was about $9M back in ’06-’07. He’s always spent money like a drunken sailor why not let him blow this too?
As far as a Circle Jerk is concerned, Cooper has been the pivot man on the Circle Jerk known as DOR for the past 15 years. Never shake hands with Harry. You know where his hands have been.
The picture is a good one to show how she is not, and will not, age well. Too bad, because she reportedly was an attractive girl.
Put a burlap sack over that head. PLEASE !!!
Fits,I realize you’re a victim,and PTSD is rough,but posting these pics of Haley cannot be good for you.Do you go into fugue states when you see her or uncontrollable fits(unintended;) of rage?
Stop beating yourself up,man!
It is ironic the maggots the Gypsy Queen is paying to determine what the hackers did and what they got will probably rake in more taxpayer’s money than the hackers.
If the son of bitches who did the hacking had any brains, they would set up a dummy LLC and bid on the contract to identify themselves.
The awarding of the contract to their LLC should be as easy as their initial hacking given the competence level of our current elected/appointed officials.
Note that in all the money that has been spent before they decided to do this today was like a quarter of a million for a public relations firm. Ummm, yup.
Signed up my family, just in case. Got the email about signing up my kid. Did so.
Got the email about signing up my kid today. Again. Still nothing that says I or my wife or my kid’s number were definitely stolen.
From WIS NEWS..
“One quick question,” said State Rep. Bakari Sellers. “You talk about attorney-client privilege. I want to know, who do you represent?”
Additional Links
Haley: Security breach could cost state more than $12 million
Nelson Mullins attorney Rush Smith faced a House panel Thursday to explain his firm’s role in the days leading up to the announcement that the State Department of Revenue’s computer system was hacked.
“We were first retained by the Department of Revenue,” said Smith. “Since then, we’ve advised the governor’s office.”
Smith’s firm has already charged the state $300,000. The Governor’s office and DOR hired Smith eight days before the October 26th public announcement.
GoGovernorikki Haley and SLED found out about the security breach on October 10th. A hacker stole more than 4 million taxpayer and business information. It took another 16 days before the told the public.
SLED said it took that long to get their investigation going.
“What my constituents still want to know,” said Rep. Harry Ottw ‘Is why they were not notified as soon as possible when the state found out we had a breach.”
“I believe that timeliness notice was given here, so I don’t accept the proposition there’s a legal delay,” said Smith. “I know that days passed, but I know that during those days, is that law enforcement was undertaking its investigation.”
The committee also found out the law firm wasn’t the only one who knew about the hack before it was announced to the public.
Columbia public relations firm Chernoff Newman knew, too. The firm charged taxpayers $200,000 for their work so far.
“My question is, you hire a PR firm before you release it to the public?” asked Sellers. “I understand the legal aspects of this. I understand there was a criminal investigation, but at what point during the criminal investigation require you to hire a PR firm?”
“Is this to get public information out or is this to spin it politically to do the least amount of damage?” asked Ott.
“The purpose for which Chernoff Newman was retained, obviously was to help craft the message and to be sure we were able to place, for example, help us place the publication notice in the newspapers,” said Smith.
“You hire a PR firm, but you couldn’t tell the general public?” asked Sellers. “And when I’m going back and telling my constituents the things we did leading up to before we told you, that is one thing that sticks out that makes absolutely no sense.”
Remember,’PR;Public Relations’ is a term coined by,Edward Bernays to replace the word,’propaganda’,because of the negatives connotations..
and remember jim demint has made his career as a “PR” man. as for the circle jerk thing, dear womanbeater will, youre whole existence is a circle jerk for the likes of the sanfords and haley.
Help me remember: Did Haley or did she not flaunt her accountant “expertise” (does not have a CPA and never worked at a public accounting firm or Fortune 500 company) and vow that her first order of business would be to have an audit of every department? Have any been done to date?
This should never have happened. I have an internal auditor in my family with a CPA, CIA and couple of other titles, 4 years auditing with a public accounting firm and 3 years other auditing, and they tell me that if the DOR had been audited by a competent outside external auditor and an IT auditor, this lack of security would have been found and exposed if not fixed.
Or if the internal audit department (if they have one) had been doing their job.
Incompetence ain’t pretty.
SC made Slashdot. Read the comments, as many are informative:
http://politics.slashdot.org/story/12/12/15/1427223/south-carolina-shows-how-not-to-do-security