COLUMBIA — The S.C. Department of Revenue hired a communications firm for $160,000 after a cyberattack involving South Carolina taxpayer information.
A spokeswoman for the department explained the hiring Tuesday by saying the agency does not have the capacity to do all the things it was required by law to do in the wake of the breach, such as creating and placing advertisements informing taxpayers of how they can receive help.
The leader of the S.C. Association of Taxpayers questioned the spending.
“I think the $160,000 would have been spent on better protection to get us out of this mess in the first place,” said Don Weaver, the group’s president. “Why should these agencies be allowed to hire PR firms when they make a mistake?”
Bill Rogers, executive director of the S.C. Press Association, had a different take.
He said it is sort of unusual that a state agency hired the firm in the midst of a crisis, but that state agencies have long used PR and advertising firms.
“This was a giant nightmare and the public needs to be informed, so I don’t know that it’s any out of line,” he said.
The cyberattack compromised 3.6 million Social Security numbers for people who had paid state taxes since 1998, thousands of credit and debit card numbers and information from as many as 657,000 S.C. businesses.
Most of the payment to the firm Chernoff Newman, about $120,000, was for the cost of running ads in newspapers across the state and news websites alerting taxpayers to available help, said Rick Silver, a vice chairman of the firm.
Chernoff Newman was hired the week before an Oct. 26 press conference in which state officials first publicly disclosed the breach, according to Revenue spokeswoman Samantha Cheek.
State officials were notified of the breach on Oct. 10.
The S.C. Department of Health and Human Services also used the firm this year after an internal breach by an employee in which more than 228,000 Medicaid records were improperly accessed.
Revenue hired Chernoff Newman based on HHS having a positive relationship with the firm, Cheek said.
While one of the firm’s primary responsibilities in the latest breach is dealing with ads, emails obtained Tuesday by The Post and Courier in response to an S.C. Freedom of Information Act request appear to show that the firm helped create at least one news release for the Revenue Department.
The newspaper discovered the hiring of the firm from those emails.
Silver said part of the firm’s role is to make sure all communications coming from state government are consistent, and to see that “everybody was saying the same thing to avoid confusion.”