#SCHacked: The Ransom
Seven months after we exclusively reported on the bizarre ransom-related aftermath of #SCHacked – last fall’s unprecedented state-level hacking incident at the S.C. Department of Revenue – a South Carolina Senator is finally asking questions about the alleged payoff.
For those of you who missed our post from last October, it broke down like this: While S.C. Gov. Nikki Haley was giving her fateful press conference belatedly responding to the scandal – telling the public “nothing could have been done” to stop the hackers – her administration was secretly said to be cooperating with national and international authorities as part of a “sting” effort to reclaim the data stolen.
What all did the hackers make off with? Over a period of several weeks in August and September of last year, they robbed SCDOR of 3.8 million Social Security numbers, 3.3 million bank account numbers, tax info for more than 650,000 businesses and nearly 400,000 credit and debit card numbers.
Anyway, here’s the relevant passage from our report …
While Haley was putting on her show, officials in her administration were telling legislative leaders and other state officials that a global effort led by Interpol and the U.S. Department of Justice was “trying to buy the list back.”
“We made the last payment,” one Haley advisor told a top lawmaker less than 24 hours before the governor held her infamous press conference.
The Haley aide told the lawmaker that the blackmail payments were part of a “global law enforcement sting” and that “no South Carolina tax dollars” were being used for the purpose of repurchasing the list. The legislative leader declined to identify the name of the Haley staffer he spoke with – even after being granted anonymity to speak freely.
No one involved in the heist has even been identified, let alone held accountable.
“Is it true that a ransom was paid on behalf of the State of South Carolina to a person or persons who were involved in or were responsible for the theft of the personal identity information of millions of South Carolinians and South Carolina businesses from the South Carolina Department of Revenue in the fall of 2012?” S.C. Sen. Brad Hutto (D-Orangeburg) asked Haley in a letter this week.
Hutto – who copied S.C. Attorney General Alan Wilson and State Law Enforcement Division (SLED) chief Mark Keel on his letter – called on Haley to “reveal any and all knowledge you have regarding the payment of a ransom related to the computer hacking.”
Haley’s office did not respond to Hutto’s letter – referring all questions related to the hacking to the U.S. Secret Service and SLED.
#SCHacked is one of the major body blows suffered by Haley during her first term – a scandal she compounded by misleading the public.
In addition to her “nothing could have been done” claim, Haley also suggested that the Palmetto State used “industry standard” data security methods to protect taxpayers confidential information. Both of those claims turned out to be completely false.
Haley’s administration has received a $20 million bailout to pay for all the costs associated with the breach – including a controversial credit monitoring deal and crisis communications advice from a liberal Capital City public relations firm.
Of course that’s before we get to the real cost of the debacle …