Former S.C. Department of Revenue official ‘flabbergasted’ by breach
COLUMBIA — The S.C. Department of Revenue’s former chief information officer Thursday claimed partial responsibility for the massive breach of taxpayer information but said he remains baffled that the breach went undetected by the agency.
“If procedures were not adequate, that is my responsibility,” said Mike Garon, who testified before a panel of House lawmakers investigating the cyberattack at the state’s tax-collection agency.
Garon resigned less than three weeks before the Secret Service alerted state officials to the breach on Oct. 10.
Thursday marked the first time Garon has publicly addressed the breach or his departure from the agency. Lawmakers previously have said they had difficulty locating him.
Asked who was to blame for the breach, Garon said no one individual can be singled out.
“You want a person, and I will not pick out a person. There are many procedures and policies and people responsible for those that are accountable,” he said. “Am I accountable for some element of this? Yes.”
Garon cautioned that he did not know specific details of how the breach occurred but is shocked it went undetected by the Revenue Department for months as hackers infiltrated and probed the agency’s systems.
“I never understood what happened. To this day, I am flabbergasted,” Garon said.
The former computer chief said employees and contractors — who were relied upon to fill vacancies, according to Garon — should have been able to detect that a large amount of data was being transferred by hackers Sept. 13-14 by monitoring computer logs.
If the logs went unmonitored, “Then to me, somebody wasn’t doing their job,” Garon said.
Garon said if employees had noticed a large amount of data being moved, he would have been the one who was supposed to be notified.
House Majority Leader Bruce Bannister, R-Greenville, chairman of the House hacking committee, said committee staff have requested the logs and related information.
The Revenue Department has said Garon’s departure Sept. 21 was unrelated to the cyberattack but did not provide any details.
On Thursday, Garon said he resigned because he was told by agency leadership, including former Director Jim Etter, that he would be fired if he chose not to depart voluntarily.
Garon said he was told he was being forced out because of specific instances of verbal abuse, and for telling the Division of State Information Technology in an email that DOR would not take part in the division’s disaster recovery planning.
In a termination letter obtained by The Post and Courier, Etter wrote to Garon that he should not have sent the email without consulting him.
Garon conceded Thursday that he had been confrontational but said that was his preferred style. And he said his message to DSIT came after he was told by the division’s leader that it was not going to set aside recovery-planning money for the Revenue Department.
Former Revenue Department computer security administrator Scott Shealy didn’t testify Thursday but attended the hearing. He told reporters that Garon was “very abusive” in his interaction with employees and was the reason the agency had such a high turnover rate.
“The issue was that employees were reluctant to take those concerns up the chain for fear of retaliation,” Shealy said.
Shealy left the Revenue Department and his former boss Garon in 2011. His job went unfilled by the agency for almost a year. He has told lawmakers that computer security was not a priority at the agency during his time there.Reach Stephen Largen at 864-641-8172 and follow him on Twitter @stephenlargen.