The man who supervised the state Department of Revenue’s computer system resigned less than three weeks before officials discovered a massive hacking breach, but agency officials insist the two events are unrelated.
Mike Garon, a senior administrator and chief information officer for the agency, resigned from his position on Sept. 21, according to department spokeswoman Samantha Cheek. The hacking breach was discovered Oct. 10, officials have said.
Cheek refused to provide specifics as to why he resigned but said “his resignation and the recent cyber-attack on DOR are not relevant to one another.”
“Mike Garon’s resignation is a personnel matter and not one that we are going to comment on,” she said.
Garon could not be reached for comment today. A woman who answered the phone at his home on Monday hung up on a reporter when he asked to speak to Garon.
Cheek would not answer questions today about the department’s computer system, including who is in charge of its security, how much it cost and how old it is. She did note that there had been no previous security breaches.
“As the investigation is still ongoing, it would be premature for DOR to comment on these specifics at this time,” Cheek said.
Gov. Nikki Haley revealed today that officials had begun doing “standard audits and protections” on the DOR system on a monthly basis in July “just to make sure we’re cautious.” Previously, those audits had been done monthly, she said.
The first attempts at breaching the system occurred in August, officials have said. The state learned this month that millions of Social Security, credit card and debit card numbers were swiped, they said.
Revenue Department Director James Etter told state senators today that some business information also was in tax records breached by computer hackers.
Previously, the state had indicated it was not aware of any business information that had been compromised. But Etter told the S.C. Senate Finance Committee Tuesday afternoon that some business information was stored in the department database that hackers mined for data.
Etter did not specify how many businesses are potentially affected, but said state ID numbers for businesses will be changed as a result. He left the hearing after his testimony without taking questions from reporters.
Haley today said Experian has agreed to cap the state’s costs at $12 million for a year’s worth of credit monitoring of taxpayers affected by a massive hacking breach at the Department of Revenue.
Haley said that figure was arrived at late last night as a result of negotiations. “They are not going to charge us any more than $12 million,” even if all 3.6 million folks whose Social Security numbers were swiped sign up for protection, Haley said.
Officials have said it could be weeks before authorities learn exactly what information was swiped from the database of 3.6 million Social Security numbers and 387,000 credit or debit card numbers from the S.C. Department of Revenue during a series of cyber attacks that date to Aug. 27.
Haley said the attack was indicative of “the world we live in today” and that the lack of much national media interest into the episode shows how commonplace such attacks have become. At the same time, she called the attack “ absolutely bizarre” and not something that happens every day.
Haley stressed that no state employee should be faulted for the breach and that no one in state government did anything wrong that allowed the hacker to enter state computers. Neither she nor State Law Enforcement Division Chief Mark Keel would reveal exactly how the hackers got in, saying they did not want to compromise the ongoing investigation.
“What we do know is that this was no simple breach,” she said. “This was no issue with someone in the agency. This was not a hole that was within DOR. This was a true, sophisticated breach.”
She said the CIA, the White House and Google also have been hacked at one time. Everyone wants to blame someone for the episode by the only person responsible is the overseas hacker who stole the information, Haley said.
“Not one thing or one person on the Department of Revenue that could have avoided this hack,” Haley said.
Keel defended the state’s decision to wait 16 days before telling the public about the intrusion and the theft of personal information. He said investigators needed to reach certain benchmarks in the case before revealing the breach.
“We believe we safeguarded the citizens of this state by doing that,” he said.
State officials have advised anyone who had filed a state tax return since 1998 to take steps to learn if their information had been misused by identity thieves. The state is offering one year of free credit monitoring to worried taxpayers.
Some 533,000 people have contacted the call center to begin the process of registering for that protection, and 287,000 have signed up, Haley said.
The wait time for callers is now under 12 minutes, Haley said.
Haley said hacking experts told her thieves usually wait six to eight months after an attack to put the stolen information to use. “So that is the time frame we are going to be focused on,” she said. “Usually after a year, they don’t see anything.”
Other experts have told The Post and Courier thieves generally wait up to three years to use stolen information to avoid getting caught.
While Experian’s free monitoring will end after a year, the company will provide ongoing help to those who have been victimized by fraud as a result of the breach. “They will go back and hold your hand and make sure you are taken care of,” Haley said.
When the state announced the breach on Friday and urged callers to sign up for monitoring, the call center line was busy and the wait time exceeded an hour for those who could get through.
Haley today blamed that delay on the media calling the number to see it if worked, clogging phone lines.
Bill Rogers, executive director of the South Carolina Press Association, said he found Haley’s statement hard to believe. “That is an ingenious way to blame the media,” he said. “I can’t imagine there are enough reporters in South Carolina to clog that line.”
Dozens of people called The Post and Courier on Friday to complain about their inability to get through to the call center, which officials said was staffed by 300 call-takers. Reporters then called the number but just got a busy signal.
“There are 16 daily newspapers in South Carolina,” Rogers said. “If that is enough to clog up their phone lines, then they have got problems.”
Reach Glenn Smith at 937-5556 or Twitter.com/glennsmith5.
For additional stories, go to postandcourier.com/hacked.