Up to 657,000 businesses affected by S.C. data breach

COLUMBIA — As many as 657,000 South Carolina businesses had information in a hacked state database, Gov. Nikki Haley said Wednesday.

Previous coverage

For more stories about the state Department of revenue breach, go to postandcourier.com/hacked.

The news followed the filing of the first class-action lawsuit against Haley and the S.C. Department of Revenue.

Haley stays in S.C.

Mitt Romney’s campaign asked Gov. Nikki Haley to campaign in several swing states ahead of Tuesday’s election, but the governor will stay in South Carolina as the state deals with a hacking crisis, her office said late Wednesday.

“Gov. Haley’s support for Mitt Romney and Paul Ryan is absolute, but her highest priority is making sure the people of our state get the protection and information they deserve,” Haley spokesman Rob Godfrey said in a statement.

Haley was set to campaign from Saturday through Monday night, but canceled the swing-state tour on Tuesday, according to her office.

Stephen Largen

Haley said it’s likely some of the business filings in the Revenue Department database come from the same company, so it’s possible as few as 300,000 businesses are affected.

The state might not know which businesses had information in the file for several months, Haley said.

Haley said if a company in the database submitted a payment to the Revenue Department using a check, the information on that check is compromised.

Any S.C. business that has filed taxes with the Revenue Department since 1998, the year the breached database dates back to, will have the option of free fraud monitoring.

Starting Friday, Dun & Bradstreet Credibility Corp. will give businesses that want it free access to a service that will alert them to any changes in their credit scores or ratings. Other indicators of any potential fraudulent activity also will be monitored.

Haley’s office said Experian, which is providing a year of free credit monitoring to the 3.6 million people who had personal information breached in the hack, also will be providing free monitoring for businesses.

Details will be released soon, Haley spokesman Rob Godfrey said.

The state will pay Experian $12 million for the monitoring for individuals while the business monitoring will be provided free. Dun & Bradstreet is not charging the state.

“In some cases we have to realize that bad people do bad things,” Haley said, referring to the hacker. “But we also have to realize with people like Dun & Bradstreet that are doing this for free, good people do good things.”

Haley wants businesses to sign up with the company by January but said there is no deadline.

U.S. Sen. Lindsey Graham, R-S.C., has reached out to the Internal Revenue Service to see if businesses also can be allowed to change their employer identification numbers, Haley said. She said businesses also should consider asking their banks to change their debit or credit card numbers.

Meanwhile, Haley scoffed at the news that a lawsuit had been filed against her and the Revenue Department over the breach.

John Hawkins, a Republican attorney and former state senator from Spartanburg, filed the class-action lawsuit Wednesday in Richland County on behalf of a 60-year-old Spartanburg resident, he said. Hawkins said more residents could join the suit. Haley responded to the suit by saying, “There is a trial lawyer with a handout and a tissue ready at any crisis, and he has just proven that.”

Hawkins unsuccessfully challenged Sen. Lee Bright in last summer’s GOP primary in Spartanburg. Haley endorsed Bright in that race.

Comments { }

Postandcourier.com is pleased to offer readers the enhanced ability to comment on stories. We expect our readers to engage in lively, yet civil discourse. Postandcourier.com does not edit user submitted statements and we cannot promise that readers will not occasionally find offensive or inaccurate comments posted in the comments area. Responsibility for the statements posted lies with the person submitting the comment, not postandcourier.com. If you find a comment that is objectionable, please click "report abuse" and we will review it for possible removal. Please be reminded, however, that in accordance with our Terms of Use and federal law, we are under no obligation to remove any third party comments posted on our website. Read our full Terms and Conditions.