Sheheen: People deserve to see full hacking report

COLUMBIA - Two S.C. Senate Democrats accused Gov. Nikki Haley of a "cover-up" Thursday and called on her office to release a report into the hacking of personal information for millions of South Carolina residents.

Sen. Vincent Sheheen, D-Camden, Haley's opponent in November's gubernatorial election, wanted to place a directive into the state budget to require that a report from cybersecurity firm Mandiant be released. Senators first voted to kill the measure, which failed after Lt. Gov. Glenn McConnell cast the tie-breaking vote. It later failed on a technicality but Sheheen said he would try again as budget debates continue.

The report details the 2012 hacking of more than 6 million South Carolinians through information illegally obtained through the Department of Revenue. It includes information from a U.S. Secret Service investigation, senators said.

Sheheen said that Haley's administration should have authorized the release of the report in the name of transparency since it occurred two years ago. Legislators are allowed to view the report but must sign confidentiality agreements to view it. Sheheen said he would not do so because he believes it needs to be released.

Several lawmakers disagreed with the effort. Opposing lawmakers said that the release of the report could compromise an ongoing investigation into the hacking incident. The State Law Enforcement Division and U.S. Secret Service oppose the release of the report because it relates to an ongoing investigation, SLED Chief Mark Keel said in an interview.

Sen. Brad Hutto, D-Orangeburg, also revealed that a possible ransom of $25,000 had been paid to a hacker or hackers so they would not reveal South Carolinians information. He said he has not seen the report and does not know if that information is in there. But he said that he has been told that the payoff occurred from several sources, whom he would not reveal.

Sheheen said Haley should release the report into the hacking of personal information because it has been two years since it occurred and the public has the right to know what occurred.

"I'd like to see what actually happened, how access was gained to the system, whether or not data was returned to the state or not from the hacker . full disclosure has not occurred," Sheheen said in an interview.

Sen. Larry Martin, R-Pickens, said Sheheen was injecting partisan politics into a sensitive security issue.

Doug Mayer, the governor's spokesman, said Martin and others were right on the issue. "Senator Sheheen embarrassed himself, and should be more careful when trying to turn serious security issues into political games," Mayer said.

In August 2012, a hacker, likely from Russia, stole Social Security numbers and other personal and financial information that could be used to steal taxpayers' identities to open credit cards and pilfer bank accounts.

No South Carolinian's information has been used adversely because of the incident, Hutto said. He says that's because the federal government has paid a ransom to the hacker. He said it's questionable that the state spends millions to notify residents if their information is compromised when it appears it has not.

Reach Jeremy Borden at 708-5837.