Checking the facts for affected businesses
State officials have offered updates with new details every day since the security breach was announced. The Post and Courier has been keeping track:
For more stories about the state Department of revenue breach, go to postandcourier.com/hacked.
After some initial uncertainty, state officials confirmed Tuesday that, in addition to 3.6 million individual taxpayers, the South Carolina’s businesses’ identification numbers might have been compromised in the recent hack of the Department of Revenue. On Wednesday, Gov. Nikki Haley announced that, like individuals, businesses will be treated to credit-monitoring.
The two arrangements, as reported by Haley, are strikingly different. After days of negotiation over terms such as cost, Experian agreed to offer its ProtectMyID service — credit-monitoring and $1 million insurance for a year, as well as fraud-resolution help for life — for a capped total cost of $12 million.
Dun & Bradstreet, on the other hand, apparently just called down this week and offered free, real-time credit-monitoring to businesses for as long as they’re in operation at no cost to the state.
Dun & Bradstreet will monitor changes in businesses’ officers, banking or address, Haley said.
At first glance, it sounds like businesses, fresh off the bad news of their exposure to the hack, have a silver lining.
Haley was asked Wednesday whether businesses should be concerned about any sensitive numbers they reported on their tax returns, like bank account routing numbers. Her response seemed to prompt more questions about businesses’ vulnerability.
“Just keep in mind, you give a check to your grocery store, you give a check to anybody, so anybody that you give a check to, that information is always there,” she said. “The business information that was given that would’ve been attached to that would have been EIN numbers, which is public information, checking account numbers, which you already have — that’s always been public information — Social Security numbers, if they are tied to that, which is why you need to contact to get in with the site. Those are more the types of things that got in. So what I can tell you is they got what is already public. But again I would recommend businesses take advantage of Dun & Bradstreet and sign up.”
Routing numbers are on checks, but does that make them “public”? And Social Security numbers certainly aren’t something people want floating around, especially in the hands of hackers. The governor’s last piece of counsel seems the soundest.