COLUMBIA — South Carolina must officially seek the next contract for taxpayers’ credit monitoring services next month to prevent a coverage lapse, a state agency director said Tuesday.
Budget and Control Board director Marcia Adams said mid-July is the deadline for assuring a new deal is in place before the one-year contract with Experian expires. That contract was signed just before Gov. Nikki Haley announced Oct. 26 that a hacker stole the personal data of millions of residents from their tax returns.
That $12 million no-bid contract, negotiated by Haley as an emergency situation, gave residents until March 31 to sign up. The year of credit monitoring for the 1.4 million people who met that deadline started whenever they signed up. More than 500,000 did so within a week of the announcement.
Fourteen companies have indicated they want the next, multi-year contract. Lawmakers expect the bidding process to result in a lower-cost contract with better consumer protections, beyond after-the-fact notification of a new account’s opening. Legislators’ 2013-14 budget proposal sets aside more than $20 million toward the new contract, as well as efforts to strengthen agencies’ cyber-security.
A draft of the state’s request for bids should be ready July 1. The Budget and Control Board’s five-member oversight panel, which Haley chairs, must approve the wording. A special meeting will be called.
“We want to make sure there’s no lapse in security coverage,” Haley said.
When a contract would be issued is unclear. Adams said issuing the request in mid-July allows for potential protests from companies that don’t win it.
Last fall’s hacking on the Department of Revenue’s computer servers represented the nation’s largest of a state agency. The cyber-thief took the unencrypted Social Security and bank numbers of 6.4 million residents and businesses.
The U.S. Secret Service notified state officials Oct. 10 of the breach a month earlier. Critics say taxpayers should have been warned immediately. Haley has said she had to wait for clearance from law enforcement. Letters to affected taxpayers began going out in mid-December.
A clause in legislators’ 2013-14 budget proposal requires residents to be notified within 72 hours of a breach, unless it would impede a law enforcement investigation. The attorney general would have to continually review such delays.
“It was 16 days before we ever heard anything about it, and we don’t believe that’s the way to treat our people,” said Senate Finance Chairman Hugh Leatherman, R-Florence. “We’re trying to stop what happened last year.”
Notice about comments:
The Post and Courier is pleased to offer readers the enhanced ability to comment on stories. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We ask that you refrain from profanity, hate speech, personal comments and remarks that are off point.