October 29, 2012
Mr. James Etter
South Carolina Department of Revenue
301 Gervais Street
Columbia, S.C. 29214
Dear Mr. Etter,
As you know, many citizens of our state have questions about the recent breach of security at the SC Department of Revenue. We are among them. As elected representatives of the people of South Carolina, we are very concerned for the safety of their identities. There remain important questions, which have not been answered. South Carolina must ensure that the nature of this breach is fully understood and corrective measures are taken. To that end, we ask you to answer all of the questions. Please advise if you cannot complete by this Wednesday at noon.
Do we know that data was actually transferred out of the system or was the system simply breached?
What types of data were compromised- the full tax return? Social security numbers? addresses? charitable contributions? W2 information? or other information?
Why were any credit card numbers kept in an unencrypted format?
To what degree was the breach the result of poor procedural, security control versus human error?
Why was this data kept in a way that was accessible to the internet?
What security audits were performed on these systems during the past two years?
Have children’s SSNs also been compromised and what steps should parents take to ensure that their IDs are protected?
What is the state willing to do beyond the year of (free) ID protection to protect the IDs of children, vulnerable adults and others who have been compromised and may not be able to afford ID protection after the year expires?
Please provide us with a copy of SCDOR’s information security standards and policy.
Please describe the time line of when and how SCDOR learned about the breach, steps that were taken, and when any other entities were notified of the breach?
Please explain how much time passed between the time SCDOR was notified of the breach and the time the public was notified?
Please provide an estimate of how much money the state will expend to deal with this breach and its aftermath?
Thanks so much for your prompt attention to this matter.
Very truly,
(Signed)
Senator Brad Hutto
Senator Vincent Sheheen
Representative James Smith
Representative Mia Butler Garrick
Cc. The Honorable Nikki Haley.
-###-
Editor’s Note: The above communication is a news release that does not necessarily reflect the editorial position of FITSNews.com. To submit your letter, news release, email blast, media advisory or issues statement for publication, click here).
***
4 comments
All are reasonable questions that will, sooner or later, be posed in a court of law.
BS. All are political questions in a chess game between the evil and the braindead. You decide which is which. The Republicrats and the Demlicans are two sides of the same coin. A fracking wooden nickel.
Have a Great Day!! :)
Frank Pytel
Buck up Nikki and Bobby, you know you stole it and kept it a secret hoping we would’t catch you before you went on the lamp.
Actually, “sweepin” is correct. The questions are all viable and will eventually be asked when this case reaches the courts — and you can mark my words that it will have its day in court. Regardless of the outcome, the people of the state lose. Our tax dollars will be spent by state government to defend itself against the people it supposedly represents. Talk about the ultimate irony!
Admit it. Haley, Etter and DOR failed to protect us. Now, we have to worry about our personal information being exposed to criminals who will never have to worry about our local cops, SLED, or even the FBI/CIA/Secret Service catching them. Depressing, ain’t it?