For more stories about the state Department of revenue breach, go to postandcourier.com/hacked.
COLUMBIA — South Carolina officials reached a $12 million agreement with credit-monitoring firm Experian outside of the normal regulations for state purchasing.
Officials said there wasn’t time to take formal bids for the service following the massive breach of an S.C. Department of Revenue database.
And Experian was best suited for the job, they said.
For the $12 million, Experian will provide a year of credit monitoring and lifetime credit-fraud resolution for up to 3.8 million taxpayers who had sensitive information in the database. The company also will provide monitoring for minors through a family program.
Officials said Experian’s work with another Cabinet agency breach earlier this year helped the company land the deal.
After records were improperly accessed at the Department of Health and Human Services in April, the health agency contracted with Experian to provide credit protection for almost a quarter-million Medicaid beneficiaries whose information had been improperly accessed.
That agreement cost the state about $750,000, according to HHS.
Rob Godfrey, spokesman for Gov. Nikki Haley, attributed the Experian-Revenue Department deal to the administration’s “pre-existing, positive relationship” with the company through its work with HHS. He added that the company also was willing and able to provide services to taxpayers on an expedited timeline.
Revenue Department spokeswoman Samantha Cheek said the agency turned to Experian “as it is one of the largest and most experienced credit bureaus.”
The Haley administration reached an initial agreement with Experian just before officials announced the breach on Oct. 26.
The Secret Service had notified the state of the breach on Oct. 10. Negotiations continued, and the state and company reached an agreement that capped the state’s costs at $12 million.
Haley has claimed credit for negotiating the company down to that figure, and has said the credit-monitoring service could have cost the state more than $80 million.
The Revenue Department estimates the potential savings from the negotiation was lower: as much as $47 million.
Many taxpayers have complained about wait times for reaching Experian call-center representatives, with some saying they haven’t been able to reach a live person at all before being directed to visit a website and getting disconnected. The company has added more employees at the call center since the breach was first announced, according to the Revenue Department.
Haley has praised Experian and another company, Dun & Bradstreet Credibility Corp., which is providing monitoring to businesses at no cost to them or the state.
“Experian and Dun & Bradstreet could not be any better in walking people through the process,” she said during a recent stop in the Lowcountry.
The new deal with Experian didn’t come about in the way most state contracts are struck: through a request for proposals from different companies.
The state used emergency procurement procedures that allow officials to go around normal procurement rules.
The emergency law can be used when there is “immediate threat to public health, welfare, critical economy and efficiency, or safety under emergency conditions.”
Still, the state’s emergency procurement law states “competition as is practicable shall be obtained.”
Cheek said legal counsel hired by the state obtained pricing from two other companies, Citreas and Identity Force.
She said those firms and Experian were chosen because of their favorable volume pricing and the suitability of their services.
“After consideration, which was required to be very quick but was nonetheless thorough, Experian appeared to be the vendor best suited to the nature and size of the breach,” Cheek said.
Reach Stephen Largen at 864-641-8172.