COLUMBIA — A judge has dismissed a lawsuit over a massive security breach at South Carolina’s tax collection agency, ruling that the suit hadn’t gone far enough to prove that government officials were negligent in their care of taxpayers’ records.
In an order obtained by The Associated Press, Circuit Judge G. Thomas Cooper Jr. said the lawsuit had failed to prove that Gov. Nikki Haley and other government officials had harmed the public by conspiring to keep news of the hacking secret. The order also said the lawsuit couldn’t show that anyone had been harmed because of the breach.
“There is no injury that the Court can currently remedy, as no actual harm has been alleged,” Cooper wrote.
Former state Sen. John Hawkins filed the lawsuit last year after officials announced that a cyber-thief had hacked into the state revenue agency’s servers, taking unencrypted data from more than 6 million residents and businesses in the nation’s largest hacking of a state agency.
Hawkins accused agencies of failing to protect taxpayers and conspiring to keep news of the hacking from the public. The data was extracted Sept. 13 — the last of several system intrusions since August. Jim Etter, who resigned as revenue director at the end of last year, has said state officials didn’t learn of the breach until Oct. 10, when the U.S. Secret Service informed state law enforcement.
Hawkins said he didn’t know yet whether he would appeal the ruling but said he would keep fighting the issue.
“Obviously, we’re disappointed, but this is an evolving area of the law,” the former Spartanburg Republican said. “Hacking is a relatively new phenomenon. Areas of the law have not caught up yet to the real meaning of what hacking is in this new era we live in.”
Hawkins said he disagreed with the judge that there were no damages to taxpayers. Hawkins said the people whose information was stolen had already suffered irreparable harm.
“It could be a situation where the law has not caught up to technology,” he said.
Haley spokesman Rob Godfrey said the governor would keep finding ways to safeguard South Carolinians’ information against any future problems.
“Since the cyberattack, the governor’s focus has never been on blaming anyone other than the criminal who attacked South Carolina, but on providing taxpayers with the best possible protection going forward,” Godfrey said. “That’s where it will remain.”
The Revenue Department has been approved for a $20 million loan from the state’s insurance reserve fund to pay for the government’s hacking response. The largest chunk of that — $12 million — has been paid to the credit bureau Experian, which is providing a year’s worth of state-funded credit monitoring to any taxpayers who sign up by the end of March. Proposed legislation would extend that state-paid credit monitoring up to a decade.
Legislative panels have been investigating the breach. Last month, the revenue department’s former chief information officer accepted partial responsibility for the cyber-theft, questioning why his staff didn’t catch it and telling a House panel that he knew nothing about the hacking when he was forced to resign Sept. 21.