Officials: Earlier work with state helped Experian land hacking contract

  • Posted: Friday, November 16, 2012 12:17 a.m., Updated: Friday, November 16, 2012 12:18 a.m.

COLUMBIA — South Carolina officials reached a $12 million agreement with credit-monitoring firm Experian outside of the normal regulations for state purchasing.

Previous coverage

For more stories about the state Department of revenue breach, go to postandcourier.com/hacked.

Officials said there wasn’t time to take formal bids for the service following the massive breach of an S.C. Department of Revenue database.

And Experian was best suited for the job, they said.

For the $12 million, Experian will provide a year of credit monitoring and lifetime credit-fraud resolution for up to 3.8 million taxpayers who had sensitive information in the database. The company also will provide monitoring for minors through a family program.

Officials said Experian’s work with another Cabinet agency breach earlier this year helped the company land the deal.

After records were improperly accessed at the Department of Health and Human Services in April, the health agency contracted with Experian to provide credit protection for almost a quarter-million Medicaid beneficiaries whose information had been improperly accessed.

That agreement cost the state about $750,000, according to HHS.

Rob Godfrey, spokesman for Gov. Nikki Haley, attributed the Experian-Revenue Department deal to the administration’s “pre-existing, positive relationship” with the company through its work with HHS. He added that the company also was willing and able to provide services to taxpayers on an expedited timeline.

Revenue Department spokeswoman Samantha Cheek said the agency turned to Experian “as it is one of the largest and most experienced credit bureaus.”

The Haley administration reached an initial agreement with Experian just before officials announced the breach on Oct. 26.

The Secret Service had notified the state of the breach on Oct. 10. Negotiations continued, and the state and company reached an agreement that capped the state’s costs at $12 million.

Haley has claimed credit for negotiating the company down to that figure, and has said the credit-monitoring service could have cost the state more than $80 million.

The Revenue Department estimates the potential savings from the negotiation was lower: as much as $47 million.

Many taxpayers have complained about wait times for reaching Experian call-center representatives, with some saying they haven’t been able to reach a live person at all before being directed to visit a website and getting disconnected. The company has added more employees at the call center since the breach was first announced, according to the Revenue Department.

Haley has praised Experian and another company, Dun & Bradstreet Credibility Corp., which is providing monitoring to businesses at no cost to them or the state.

“Experian and Dun & Bradstreet could not be any better in walking people through the process,” she said during a recent stop in the Lowcountry.

The new deal with Experian didn’t come about in the way most state contracts are struck: through a request for proposals from different companies.

The state used emergency procurement procedures that allow officials to go around normal procurement rules.

The emergency law can be used when there is “immediate threat to public health, welfare, critical economy and efficiency, or safety under emergency conditions.”

Still, the state’s emergency procurement law states “competition as is practicable shall be obtained.”

Cheek said legal counsel hired by the state obtained pricing from two other companies, Citreas and Identity Force.

She said those firms and Experian were chosen because of their favorable volume pricing and the suitability of their services.

“After consideration, which was required to be very quick but was nonetheless thorough, Experian appeared to be the vendor best suited to the nature and size of the breach,” Cheek said.

Reach Stephen Largen at 864-641-8172.

Comments { }

Postandcourier.com is pleased to offer readers the enhanced ability to comment on stories. We expect our readers to engage in lively, yet civil discourse. Postandcourier.com does not edit user submitted statements and we cannot promise that readers will not occasionally find offensive or inaccurate comments posted in the comments area. Responsibility for the statements posted lies with the person submitting the comment, not postandcourier.com. If you find a comment that is objectionable, please click "report abuse" and we will review it for possible removal. Please be reminded, however, that in accordance with our Terms of Use and federal law, we are under no obligation to remove any third party comments posted on our website. Read our full Terms and Conditions.