inside south carolina breach


As hundreds of thousands of South Carolinians receive their “your personal info has been stolen” letters from the S.C. Department of Revenue (SCDOR), state lawmakers continue to investigate the colossal lapse in security that led to the massive breach at Gov. Nikki Haley’s cabinet agency.

And as they do, they continue to uncover what additional evidence which points to one unmistakable conclusion: The largest state-level security breach in history was completely preventable.

Not only that, a former employee told the agency exactly how it could better protect sensitive data – and was ignored. According to the Associated Press, former SCDOR information technology chief Scott Shealy told a legislative panel his former agency was “more concerned with keeping employees from accessing news, sports and social media websites on their work computers than protecting taxpayer data like Social Security numbers.”

Oh, and masturbating … let’s not forget masturbating.

Shealy – who advised SCDOR to encrypt its sensitive data and put safeguards in place for employees who accessed it – left the agency in September 2011.

Beginning in late August, SCDOR coughed up 3.8 million Social Security numbers, 3.3 million bank account numbers, tax info for more than 650,000 businesses and nearly 400,000 credit and debit card numbers to as-yet-unidentified hackers.  Haley’s agency never even knew it had been hit – in fact it wasn’t until mid-October that federal law enforcement officials informed the state its system had been compromised.

At that point, Haley waited another sixteen days before going public with the news.

How has she managed the crisis?  Not well …

Haley initially claimed that “there wasn’t anything where anyone in state government could have done anything” to stop the breach – and that the Palmetto State used “industry standard” data security methods.  Both of those claims turned out to be completely false.

Haley’s administration has received a $20 million bailout to pay for all the costs associated with the breach – including a controversial credit monitoring deal and crisis communications advice from a liberal Capital City public relations firm.