S.C. Department of Revenue didn’t use state cyber security system

  • Stephen Largen
  • Posted: Thursday, November 1, 2012 9:59 p.m.
  • Text size: A A A

COLUMBIA — Gov. Nikki Haley has repeatedly said nothing could have been done to prevent a hacker from stealing Social Security numbers and credit card information from the S.C. Department of Revenue database.

But for the systems that a hacker breached, the Revenue Department had not been using a layer of cyber security offered by the state, according to information provided Thursday to The Post and Courier by the S.C. Budget and Control Board.

Democratic state Sen. Vincent Sheheen of Camden said having the state monitoring system in place on the breached systems might not have prevented the attack, but the additional protection could have helped.

“The answer is that there’s no 100 percent guarantee, but the purpose of the (monitoring) system is to detect breaches, and they have been very successful in detecting breaches in other agencies,” he said.

Sheheen, who lost to Haley in 2010, said the fact that the Revenue Department began using the monitoring after the breach and the fact that many agencies use the monitoring shows its relevance. He said the department should have disclosed after announcing the breach that the state monitoring was not in place.

“It means I think we have to call into question what the Department of Revenue isn’t telling us,” he said. “I think we really have to look for some objective investigation into what actually occurred.”

Haley spokesman Rob Godfrey said in response that: “Politics is politics and we’re certainly not interested in it right now.”

Many state agencies, school districts and local governments use the free network monitoring services from the Division of State Information Technology.

The breach that has compromised 3.6 million Social Security numbers and information for as many as 657,000 companies began Aug. 27.

The attack wasn’t discovered by the state until Oct. 10, according to state officials.

The hacker entered the Revenue Department system twice before extracting the sensitive data, officials have said.

Read more later at postandcourier.com and in tomorrow’s newspaper.

Comments { }

Postandcourier.com is pleased to offer readers the enhanced ability to comment on stories. We expect our readers to engage in lively, yet civil discourse. Postandcourier.com does not edit user submitted statements and we cannot promise that readers will not occasionally find offensive or inaccurate comments posted in the comments area. Responsibility for the statements posted lies with the person submitting the comment, not postandcourier.com. If you find a comment that is objectionable, please click "report abuse" and we will review it for possible removal. Please be reminded, however, that in accordance with our Terms of Use and federal law, we are under no obligation to remove any third party comments posted on our website. Read our full Terms and Conditions.