South Carolina governor seeks to calm taxpayers after security breach

CHARLESTON, South Carolina Mon Oct 29, 2012 4:22pm EDT

South Carolina Governor Nikki Haley addresses the second session of the Republican National Convention in Tampa, Florida August 28, 2012. REUTERS/Mike Segar

South Carolina Governor Nikki Haley addresses the second session of the Republican National Convention in Tampa, Florida August 28, 2012.

Credit: Reuters/Mike Segar

CHARLESTON, South Carolina (Reuters) - South Carolina Governor Nikki Haley sought on Monday to temper the anger and frustration of state taxpayers left wondering if their personal information was compromised by recent cyber attacks on computers belonging to the Department of Revenue.

Some residents also questioned whether state officials took too long to disclose that as many as 3.6 million Social Security numbers and 387,000 credit and debit card numbers may have been exposed to a foreign hacker in the security breach.

State police said on Friday that they had begun an investigation earlier this month into a series of computer system breaches that occurred since August, with officials adding they did not know how much personal information was obtained by the hacker.

"This wasn't an issue where anyone in state government could have done something to avoid it," Haley said. "This is a situation where a sophisticated, intelligent individual got into a database and is unbelievably creative in how he did it, and now we're having to deal with it."

Officials urged anyone who had filed a South Carolina tax return since 1998 to investigate whether their information was affected. They provided a toll-free number taxpayers could call to obtain a year of credit and identity theft protection from Experian, paid with state funds.

But callers said that over the weekend they got busy signals, recordings, no answer or were on hold a long time. Those who got through received a code number to use to enroll online for the theft protection. The number was the same for all callers.

On Monday, the Republican governor, who had said she wanted the hacker "slammed against the wall," announced the code number at a news conference in the state capital of Columbia and told people they could sign up directly online.

"You don't have to call today. You have until the end of January 2013 to call and it will be retroactive," said Haley, who said the hot line had received 455,000 calls and that 154,000 people had signed up for credit protection.

Of the data potentially exposed, all but 16,000 of the credit card numbers were encrypted, compared to none of the Social Security numbers, officials said.

The U.S. Social Security Administration says it does encrypt Social Security numbers and encourages organizations that maintain the numbers in their systems to consider doing so. But Haley said the industry standard was that most such numbers are not encrypted.

It could be weeks before investigators determine what information was compromised, said Mark Keel, chief of the state's Law Enforcement Division.

Keel said the decision to wait more than two weeks to notify the public about the cyber attacks was an investigative strategy. "By allowing us the time to conduct our investigation, we believe that this information is better protected than it would have been otherwise," he said.

Millie See, a retired school teacher who lives in Charleston, said she and her husband were among those who had failed to get through on the toll-free number, and she worried about the consequences.

"If you haven't signed up for protection, it means your information is still out there and people could use it," she said. "I think it's shocking when your own state cannot secure its own records."

(Editing by Colleen Jenkins, Cynthia Johnston and Philip Barbara)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (13)
divinargant wrote:
Wait a second..wasn’t she the one who came out in a press conference on this very matter and stated that she wanted the one responsible for this to be slammed against the wall…and now she is seeking to calm the masses who have been breached? Nikki, I do believe your going about this in reverse.

Oct 29, 2012 4:45pm EDT  --  Report as abuse
VonHell wrote:
So you got exposed but you can relax since you have until january to seek protection lol…
just wondering if the “unbelievably creative” way they got hacked was by guessing Haley’s password… the governor must have some sort of high clearance password like in the movies hehe
Australia has Julia, Brazil has Dilma and US has Nikki, Michele and Sarah…so unfair

Oct 29, 2012 5:13pm EDT  --  Report as abuse
AlkalineState wrote:
Were they cyber-terrorists or were they cyber-protesters? Or were they cyber-militants dressed up as cyber-protesting, cyber-terrorists?

America WANTS TO KNOW THE TRUTH ABOUT WHAT HAPPENED! STOP THE COVER-UP AND THE LIES IN SOUTH CAROLINA!

Good times.

Oct 29, 2012 5:20pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.