I know you share my outrage with the ongoing situation at the Department of Revenue. I have been assigned to co-chair (with Sen. Billy O’Dell, R-Abbeville) a Senate Committee to investigate our state’s historical data security breach. This committee is committed to digging as deep as necessary to find out what happened and what we need to do moving forward.

My first and foremost concern is all taxpayers, individuals and businesses, seek and receive all of the protection and assistance currently offered through Experian, their bank and their credit card company. I encourage all of you, if you have not already done so, to communicate with each of these and to ensure that you are fully aware the best course for protecting yourself and your family.

The best way to enroll in the protection with Experian is online. Log on to www.protectmyid.com/scdor enter code: scdor123. You may also call Experian at 1-866-578-5422. You will not be charged for the first year, however, we are exploring options to extend this coverage. When this type of information gets into the wrong hands, lifetime protection is essential. I encourage businesses to enroll in protection offered by Dun and Bradstreet. This may be done at www.dandb.com/sc. Some constituents are going a step further by freezing their credit with the major credit agencies. If you wish to do this, here is their contact information:

Equifax www.equifax.com
(888) 397-3742
Experian www.experian.com (866) 578-5422
TransUnion www.transunion.com (800) 888-4213

My second concern is that the facts surrounding this incident seem to change too frequently. We first were told that this was an international criminal and had nothing to do with internal activities or policy, but then we learned that the data was accessed with SCDOR employee credentials. Those two are not necessarily incompatible, but does open more questions. We were told that SCDOR could have done absolutely nothing differently to protect us. We then found out, though, that not only was our data not encrypted but also that SCDOR refused a free data monitoring service offered by the state’s IT department. When I asked the SCDOR director how much encryption would have cost, he replied “not very much”. I am very displeased that we continually are discovering that not only could more have been done but also that it would have been at minimal, if any, cost. Failure to do everything possible to protect taxpayer data simply is inexcusable.

My third concern is what we are doing to address this issue going forward. The state does maintain databases in other agencies that have sensitive information. I look forward to hearing from other agencies as to what they are doing to maximize the protection of our sensitive information. I will update you as that effort moves forward.

The Senate Finance Committee had an emergency meeting this week, and I have another meeting next week to make sure appropriate action is taken.

I want to stress again that everyone needs to take the available steps to protect themselves and their families. The easiest way is online, so please inform anyone you know that may be unfamiliar with computers, to seek help. Please contact me if you need any more information or if you have any difficulty with the credit monitoring service offered by Experian.

As the information of this crisis is changing daily, I will be giving updates on this website.

Gov. Nikki Haley thanks utility companies and electric cooperatives for assisting state response to DOR breach

COLUMBIA, S.C. – Governor Nikki Haley today announced that public and private utilities and the twenty electric cooperatives of South Carolina are including a message regarding identity theft protection in customers’ electric and gas bills. More than 3.1 million customers across the state will be reached as customers begin to receive messages in November and December bills.

The governor’s office reached out to presidents and chief officers of utility companies and electric cooperatives to ask for assistance in contacting customers in the wake of the South Carolina Department of Revenue (DOR) information technology security breach, and executives were more than willing to offer help.

“As I said yesterday, in the wake of bad people doing bad things, it’s wonderful to see good people stepping up to do good things,” said Gov. Haley. “I can’t thank these companies and executives enough – including Mike Couick from Electric Cooperatives of South Carolina, Keller Kissam from South Carolina Electric & Gas (a SCANA company), Clark Gillespy from Duke Energy of South Carolina and Lonnie Carter of Santee Cooper – for stepping up to help the people of our state. They are great corporate citizens.”

Governor Haley announced that, starting Friday, Dun & Bradstreet Credibility Corp will offer South Carolina businesses that have filed a tax return since 1998 a CreditAlert product that will alert customers to changes taking place in their business credit file. Even something as simple as a change to a business address or a company officer change would set off an alert to the business owner. The cost will be waived for business filing tax returns since 1998. Business owners can visit http://www.dandb.com/sc/ beginning Friday or they can call customer service toll free at this dedicated phone number 1-800-279-9881.

Dun & Bradstreet Credibility Corp Chairman and CEO Jeff Stibel said, “When our nation or our states are in need, Dun & Bradstreet Credibility Corp. will drop everything to help. We are honored to serve this great state and tremendous governor.”

Chairman Hugh Leatherman has called an Emergency meeting of the SC Senate Finance Committee specifically for the purposes of the recent security breach of the SC Department of Revenue

If you call this number, 1-866-578-5422, you’ll get a message with this code:

SCDOR123

You can enter the code and sign up for the identity protection service at http://www.protectmyid.com/scdor (If you decide you wish to sign up, you don’t need to make the phone call.)

Or, you can stay on hold (I’m told up to 40 minutes) and someone will assist you on the phone.

If you decide to sign up online, however, you’ll be required to enter your address, date of birth, and social security number. Let’s only hope this is secure.

At this point, I can’t endorse this unsystematic solution until I get more information. I did, however, sign up myself for protection.

I’ve more questions than answers to the nearly 4 million South Carolinians whose private information may have been breached. As far as the solution to the problem, since the South Carolina Department of Revenue allowed this invasion to take place, why can’t we call each taxpayer affected? Why force the victims to take additional steps? Why inform the public on a late Friday afternoon, then knock off for the weekend? I understand they’ve had warnings since August.

I’ll keep this website up to date as I learn more information.