COLUMBIA — Another South Carolina Cabinet agency’s experience with credit monitoring firm Experian helped the company land a $12 million no-bid contract with the Department of Revenue following a massive breach of an agency database, according to state officials.
For that cost, Experian will provide a year of credit monitoring and lifetime credit-fraud resolution for up to 3.8 million taxpayers who had sensitive information in the database.
After an internal breach at the state Department of Health and Human Services in April, the agency contracted with Experian to provide credit protection for almost a quarter-million Medicaid beneficiaries whose information had been improperly accessed.
That agreement cost the state about $750,000, according to HHS.
Rob Godfrey, spokesman for Gov. Nikki Haley, attributed the Experian-Revenue Department deal to the administration’s “pre-existing, positive relationship” with the company through its work with HHS. He added that the company also was willing and able to provide services to taxpayers on an expedited timeline.
Revenue Department spokeswoman Samantha Cheek said the agency turned to Experian “as it is one of the largest and most experienced credit bureaus.”
The Haley administration reached an initial agreement with Experian soon before officials announced the breach on Oct. 26. Following negotiations, the state and company reached a subsequent agreement that capped the state’s costs at $12 million.
Haley has said she negotiated the company down to that figure, and the credit monitoring service could have cost the state more than $80 million.
Many taxpayers have complained about wait times for reaching Experian representatives, with some saying they haven’t been able to reach a live person at all before being directed to visit a website and disconnected.
Nonetheless, Haley has praised Experian and another company, Dun & Bradstreet Credibility Corp., which is providing monitoring to businesses at no cost to them or the state.
“Experian and Dun & Bradstreet could not be any better in walking people through the process,” she said during a stop in the Lowcountry last week.
The new deal with Experian didn’t come about in the way most state contracts are struck: through a request for proposals from different companies.
The state used emergency procurement procedures that allow officials to go around normal procurement rules.
The emergency law can be used when there is “immediate threat to public health, welfare, critical economy and efficiency, or safety under emergency conditions.”
Still, the state’s emergency procurement law states “competition as is practicable shall be obtained.”
It’s unclear if the state considered any other companies for monitoring Revenue Department breach victims.
Cheek did not respond to a question asking if the agency looked at other providers.
She said Tuesday evening that the agency’s contract with Experian will be released today at 3 p.m.
Cheek said the Revenue Department at the same time will release the agency’s contract with Trustwave, the cyber security the agency was using at the time of the breach.
The state and Trustwave acted negligently in allowing the database to be hacked and then failing to notify the public for more than two weeks, a former state senator suing the state over the breach has alleged.
Haley is set to provide updated information on the breach in a 2 p.m. Statehouse press conference today.
Read more in upcoming editions of The Post and Courier. Reach Stephen Largen at 864-641-8172 and follow him on Twitter @stephenlargen.