SC Breach: Business Data Hacked, Too

MORE THAN 650,000 BUSINESSES AFFECTED BY MASSIVE SECURITY BREACH South Carolina’s massive data security breach is far worse than Gov. Nikki Haley’s office originally acknowledged – and poses a far greater threat to the Palmetto State’s economy than initially disclosed. After Haley’s administration claimed that no business tax information had…


South Carolina’s massive data security breach is far worse than Gov. Nikki Haley’s office originally acknowledged – and poses a far greater threat to the Palmetto State’s economy than initially disclosed.

After Haley’s administration claimed that no business tax information had been compromised during the unprecedented heist, officials revealed this week that data affecting more than 650,000 businesses was also part of the hack that stole 3.6 million Social Security numbers and nearly 400,000 credit and debit card numbers.

In other words the hackers – believed to be part of a sophisticated Eastern European crime syndicate – made off with everything.

Amazing …

Hackers infiltrated South Carolina’s cyber security “defenses” beginning on August 27 of this year – an unprecedented breach that state officials never detected.  In fact wasn’t until October 10 that federal law enforcement officials alerted the state that its data had been compromised – and it was another sixteen days until Haley alerted the public.

Since the hack, Haley has claimed that “nothing could have been done” to stop it … although in almost the very same breath she acknowledged that “holes” in the state’s security had since been filled.  Haley’s claims that the state used “industry standard” protection measures have also been debunked.

Meanwhile, Haley’s Department of Revenue (SCDOR) continues to be dogged by other embarrassing scandals … and fresh allegations of corruption.


Related posts


Vehicular Incident At Thomas Ravenel’s Aiken Compound


Beaufort County Corruption Investigations Referred To South Carolina Statewide Grand Jury?

Will Folks

Attempt To Toss Charleston Day Lawsuit Denied



Smirks November 1, 2012 at 8:20 am

They should have released all of this information Friday if they really wanted it to die in the presses quickly. They can’t even get the covering their ass part 100% right.

TheFunkyMonkey November 1, 2012 at 8:44 am

Well said Smirks!

sweepin November 1, 2012 at 8:29 am

This is prima facie evidence of how inept the Governortrix and the bunch of kids that surround her are.

There are no adults in the room and no evidence of competent leadership from the Chief Head Honcho-ess in Charge.

shifty henry November 1, 2012 at 8:32 am


Torch November 1, 2012 at 8:37 am

I haven’t seen if thy got banking information on individuals. Direct deposit information give bank account information for individuals/families. Has anyone seen this information?

sweepin November 1, 2012 at 10:09 am

Yes, it is a part of the information according to the reports I’ve seen.

? November 1, 2012 at 8:40 am

Where’s Neo when you need him? I know he can take down the Borg Queen.

Carpe Jugulum November 1, 2012 at 8:43 am

Money evaporates from South Carolina State University and the state government shrugs and continues to fund a total embarrassment and theft machine.

A bunch of goobers run around putting video gambling machines in convenience stores and gas stations and state government proves itself to be completely inept at dealing decisively with it. It does demonstrate how easily it is corrupted.

The SC DOR is hacked and millions of people and businesses are severely affected. The Governor babbles about plugging holes and the SLED Chief shucks and jives about “benchmarks.”

South Carolina is simply hopeless. It’s not even amusing to make fun of it anymore.


? November 1, 2012 at 8:47 am

“It’s not even amusing to make fun of it anymore.”

Awe, come on man, you’re not trying hard enough.

One has to cope with the reality somehow, and given that video poker hasn’t occupied enough of law enforcement’s time to stop them from busting DUI’s- drinking in the middle of the day probably isn’t going to help.

TheFunkyMonkey November 1, 2012 at 8:52 am

I posted these questions on another FITS article but have not received a response. Since this is a new article that will gain more attention, I’m reposting:

Two questions:

1. I signed up for ProtectMyID. If I call the toll-free number, will they confirm (or not) that my specific SSN has been breached?

2. Does anyone know if we have legal options here based on any conversations with a SC attorney? If so, can anyone recommend an attorney to contact?

As I mentioned in my other post, I work in the data industry so I have a “front and center” view of this situation and all I can is we are fucked — simple as that. I do NOT work for any of the bureaus — FYI. I can’t believe the dumb cunt waited as long as she did to make the announcement and then backs her decision with, “we’re trying to buy back the list”. Is she that fucking stupid? That stupid to believe that herself and that stupid to think anyone with an ounce of intelligence would buy-into that nonsense??? I think I answered my own questions…

This State would be far off better without the First Tramp. Thank you for any help.

? November 1, 2012 at 9:08 am

Dude, no offense-but you don’t get on an internet site and ask a random population millions what attorney they recommend…

Go talk your friends & family, face to face-who I assure you know an attorney someplace that they’ve had a good experience with.

Econ 101 November 1, 2012 at 9:14 am

1) I’ve heard a couple people mentioned that they learned of some breaches by calling those folks. I would think signing up online and checking your credit report would basically give you the same info.

2) There is a class action lawsuit in the works (a “large” one based on previous comments here). I haven’t taken the time to review my SC Tort Claims Act precedent, but I think the state’s liability would be capped at $600,000. So go hug your favorite tort reform legistator if you can catch him between grandstanding about what the DOR didn’t do.

? November 1, 2012 at 9:22 am

Math Class:

3.6 million potential clients getting a $600,000 judgement= $6 per person BEFORE attorney fees.


I suppose you can hope that only 25% join the class action lawsuite and your “winning” nets you around $25- but just remember “your” attorney doing class action is actually working against you because he wants as many participants as possible to boost up his percentage.


Econ 101 November 1, 2012 at 9:32 am

Yeah, I think the suits where folks make money against the state are where you claim people have vested contractual rights that aren’t being met, like I believe Hartpootlian did with the retirement accounts a while back. Or by arguing for more than one “occurrence” of a tort. For example, you could try to argue that there are 3.6 million occurrences here, but good luck getting the courts to go along with that (nor should they).

PS – Man I hope that Nelson Mullins is only getting Insurance Reserve Fund rates on this. That would be the only good thing to come out of this.

Smirks November 1, 2012 at 9:41 am

Not to mention, who pays when the government gets sued?

VeronicaMars November 1, 2012 at 11:41 am

If you’re already signed up, why do you also need to call the toll-free number? And no, they won’t tell you if your information is compromised.

Losingfaithrapidly November 1, 2012 at 12:18 pm

I can not believe for one minute she thinks that nothing could have prevented this. I work within the licensure testing industry. EVERYTHING is encrypted AND everyday, employees receive a new password to sign in with. This is NOT new technology people!! This has been available for many years….SC is just too cheap and stupid to PREVENT a breach. Lets wait until it happens and try and wiggle out of it!

notagain November 1, 2012 at 2:52 pm

Less than a year ago an employee of the Department of Health and Human Services stole the identities of something like half a million people in that data base and sent them to his personal email for illegal use. Through some slip, he was caught. Should that not have raised questions about protecting critical information?? Apparently it did not and now it happens again. Will we learn this time? As some wag said, “There is nothing to be learned from the second kick of a mule.” Kick one at DHHS; kick two at DOR. Any bets on kick three?

Our state, its leadership and management is a joke to the rest of the nation. We need to be careful this election (and next). We have got to start looking at the competence of these people running for public office. Ideology will only take you so far. Then we have to start looking at experience and background. Clearly we have not been doing that. Look at who is in charge. She accepts no responsibility for the problem and waits for the third kick of the mule. My, my! Bless her heart.

mlynn November 2, 2012 at 4:27 pm

I have a very good friend from North Carolina who comes here to South Carolina a few times a year with his small business. He pays SC State Income Taxes as well as has a business license here. I saw him today: he is totally dismayed. Because of the nature of his business, he has not yet had time to deal with what to do about protecting himself, his business and his employees. I told him I think that his personal credit can be protected because of his social security number, but told him that the Governor had said that they hadn’t figured out what to do about out of state businesses.

LOOK at how South Carolina is treating not only our citizens and in-state businesses, but also out of state businesses who come here — who bring in a lot of revenue into our state. What kind of message is this sending? I don’t think I have to answer that one.

Randy Abner November 3, 2012 at 11:16 pm

The Govenor is done. She just don’t want to believe it.

How is she going to protect the elderly whose information was stolen. who don’t even have a computer? That may be in residential care? How?

This better be the wake up call for all states too. The bad guys are out in force and they will find the holes in your secuity fence.

Anyone interested in RAD or fast software development that doesn’t put security at the front of new system design? Go to South Carolina and find out who wrote the code. Go to any state and ask their head security officer if security is part of new system development. There are many. Ask Arkansas! Texas. Almost all will tell you that the legislatiors and govenors will not fund the project because it will cost to much. The reality is, some systems should NEVER be moved to client server platforms (WWW). The old mainframe is and was always the safeest place to host the software and the data.


Phillip November 29, 2012 at 1:27 am

Governor Scrooge ain’t using no software to protect private files for the state.512 bit encryption software,like File Lock pro.$69.00 software that could have prevented the breach.But I think that there is corruption starting with Governor Scrooge.


Leave a Comment