State still behind curve on data security breach

info@islandpacket.comSeptember 20, 2013 

After a year, one would think state officials would be on top of events surrounding the huge security breach they were responsible for. Unfortunately, one would be wrong

State Department of Revenue officials were caught flat-footed this past week when Experian, the company providing credit monitoring services for taxpayers and family members whose information was stolen from department computers, started soliciting people to sign up for another year of credit monitoring -- at a price.

But state officials have pledged to offer at least another year of free monitoring. The legislature authorized spending $10 million to do that. State officials plan to announce a new contract Monday.

There's no need to pay for Experian's service even at the low price of 99 cents a month. Experian was awarded a $12 million, no-bid contract last year after the data breach was discovered.

Hackers stole the Social Security, bank account and credit card numbers of more than 6 million individuals and businesses contained in income tax filings in Department of Revenue computers. The department had failed to use basic security measures, including encrypting data and a multi-layered password system. The agency also had left its computer security officer's position vacant for a year before the breach; its last security officer told lawmakers he thought the agency hadn't made security a priority.

About 1.5 million people signed up for the free monitoring.

The Revenue Department said it was not aware that Experian planned to send out renewal solicitations until people started receiving emails last weekend. A spokeswoman said, "When the initial credit protection contract was signed, we did not anticipate the General Assembly providing another free year of credit protection."

But the department has known for several months now that money was in the budget for just that purpose.

On top of that, those who called the department with questions about the security breach were transferred to Experian's call center. The (Columbia) State newspaper reported that at least one Experian employee was telling those who called, "(The service is) not going to be free anymore. Because we were offering it at such a discount, we were told South Carolina is not going to do it at all."

Experian did not bid on the new contract, saying it didn't offer enough money for the services required. The company says it will cancel renewal contracts for those who want out and said the employee's comments did not reflect "approved information" sent to company agents.

Canceling renewals is the least the company can do. It also should point out the fine print in the company's 99-cents-a-month email solicitation, which states: "Limited time only. Terms subject to change without notice."

The State newspaper lists these important points for people to know:

  • Hacking victims who enrolled with Experian for state-paid credit monitoring after the security breach have a year before their free coverage ends. Taxpayers were able to enroll from October through March.

  • The state could offer free credit monitoring for at least five years.

  • Those who enrolled with Experian will have to sign up with the new state-funded credit-monitoring service when it is announced.

  • Taxpayers can buy their own credit-report protection and receive a state tax deduction ranging from $300 to $1,000.

  • Those whose information was stolen should do what they can to protect themselves from identity theft. That includes pushing the state do all it can to protect us, and it includes not assuming state officials are on top of this.

    The Island Packet is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

    Commenting FAQs | Terms of Service