State Sen. Vincent Sheheen’s campaign on Tuesday issued a sharp attack on Gov. Nikki Haley over her handling of a massive cyberattack a year ago that compromised the personal records of millions of South Carolina taxpayers.

The Democratic candidate for governor called the episode a “horrible and preventable disgrace” in a letter his campaign emailed Tuesday to tens of thousands of South Carolinian voters.

Sheheen noted that Haley said a year ago no one was to blame and nothing could have been done to prevent the theft of unencrypted personal information from the Department of Revenue. It was later disclosed that 6.4 million people and businesses listed on tax returns filed online since 1998 had been affected.

Several weeks later, however, she acknowledged that state officials did not do enough to prevent the theft and announced the resignation of former Revenue Director Jim Etter. She also released the findings of an outside expert, who said two things could have prevented the hacking: the encryption of stored data or requiring more than one password to log into the system remotely.

“One year ago today, Nikki Haley stood before the people of the state and said no one should be disciplined for this massive breach of public trust and failure of state government,” read Sheheen’s letter, which his campaign also posted online. “It’s been a long year since then, full of much worry for families and businesses at risk.”

The anniversary allowed Sheheen to hit on an issue that’s already central to his campaign. In January, he introduced a proposed apology from the Legislature to South Carolinians over the government’s failure to protect their information. The legislation went nowhere. Rob Godfrey, then spokesman for Haley’s office, called it a political stunt.

“In his whole political career in Columbia, Vince never once said the word ‘cybersecurity’ until our state was attacked. Now he just keeps repeating the same old tired and false political rants,” said Godfrey, now her campaign spokesman. “The truth is that Gov. Haley has led a massive and unprecedented effort across all aspects of state government to make our cyber systems more secure than ever and to protect our people from harm.”

Sheheen also criticized Haley’s decision to award credit bureau Experian a no-bid contract to provide credit monitoring to taxpayers who signed up — a $12 million deal she touted as personally negotiating. That represented the single largest payment of more than $25 million the state spent last fiscal year to clean up the debacle.

Legislators critical of the deal pushed for more extensive services and set aside money in the 2013-14 budget for a second year of state-paid monitoring awarded through a bidding process. CSIdentity Corp. recently won that contract for $8.5 million. Experian declined to participate.

No one has been arrested in the case. State Law Enforcement Division Chief Mark Keel said Tuesday it’s an ongoing investigation with the U.S. Secret Service.

The 2014 governor’s race has long been expected to be a rematch between Haley and the senator from Camden, who lost by 4.5 percentage points in 2010.

Sheheen touted his work in helping create an Identity Theft Reimbursement Fund in the state budget. The largely symbolic program calls for the state to reimburse expenses that an identity theft victim incurs because of a state breach. Someone seeking money would have to apply to the state treasurer’s office.

As of Tuesday, no one had, according to Treasurer Curtis Loftis’ office.

It’s unknown if anyone’s identity has been stolen because of the hacking. A Federal Trade Commission attorney has said the selling and trading of stolen information makes it virtually impossible to trace an identity theft case to any particular security breach.