Haley: SC citizens get lifetime fraud resolution
By Robert Kittle
After a security breach that exposed the personal information of 3.6 million South Carolina taxpayers, one of the biggest concerns a lot of them have is what happens after the year of free credit monitoring the state is providing is over? Couldn't the hacker or hackers sit on the information and use it more than a year from now?
Gov. Nikki Haley announced Tuesday that people who sign up for the free credit monitoring will get a lifetime of fraud resolution protection. "What you will have is fraud resolution for life, monitoring for a year, and then we need to monitor for ourselves after that. Whether we choose to go through a program or whether we choose to do it any other way, we need to start doing that going forward," she said at the Statehouse.
She also answered again a question many parents have. Their children's names and Social Security numbers are on the parents' tax returns, so how are the children protected? The governor says when a parent signs up for the credit monitoring service, Experian, the company providing the service, will also cover any minor children on that parent's tax return.
There's also better news about the credit card information that was stolen during the security breach. About 387,000 credit and debit card numbers were in the data that the hacker stole, but most of those card numbers were encrypted. Only 5,000 credit card numbers were taken that were not encrypted, and Haley announced Tuesday, "Of all 5,000 that were taken, they were all expired. Every one of them was expired. So not one single active credit card was taken."
She also said that she had negotiated with Experian to limit the fee the state will pay for the credit monitoring at $12 million, regardless of how many of the 3.6 million people actually sign up.
State Senate Finance Committee Chairman Hugh Leatherman, R-Florence, says of the $12 million, “Course it would come from the taxpayers. Nowhere else for it to come from.” He said it's too soon to know whether it would come from the state's reserve accounts or lawmakers will put the expense in next year's regular state budget.
The Finance Committee had an emergency meeting Tuesday afternoon to get answers from Department of Revenue Director James Etter. Several senators said they've heard from a lot of their constituents wanting to know why they have to go to the trouble of signing up for the free credit monitoring. Why can't the Department of Revenue just automatically sign up the people whose information was exposed?
Etter told senators that privacy laws prevent that, and that, in signing up, a person has to choose things like a user name, password and verification question and answer that the department would not be able to do.
Updated: Oct 30, 2012
Gov. Nikki Haley, SLED Chief Mark Keel, DOR Director Jim Etter to hold press conference Tuesday. State officials will provide update on S.C. DOR information security breach.
Governor Nikki Haley, South Carolina Law Enforcement Division (SLED) Chief Mark Keel and South Carolina Department of Revenue (DOR) Director Jim Etter will hold a press conference on Tuesday, at 9:15 AM to update the people of South Carolina on the DOR information security breach and discuss what every South Carolinian can and should do to protect themselves.
Our State House Reporter Robert Kittle will be there to bring you the latest information.
Updated: October 29, 2012
South Carolina Gov. Nikki Haley tried to calm and reassure taxpayers Monday after a weekend of frustration and worry about their personal information. An international hacker was able to get into a database at the state Department of Revenue in mid-September, stealing 3.6 million Social Security numbers and 387,000 credit and debit card numbers. The breach affects anyone who filed a South Carolina tax return since 1998.
The state is offering one year of free credit monitoring and fraud protection, which taxpayers get by calling a toll-free number (1-866-578-5422) or going to protectmyid.com/scdor.
Originally, taxpayers had to call the phone number first to get an activation code for the website, but because the phone lines were jammed over the weekend and a lot of people couldn't get through, she announced the code at a news conference Monday.
If you go to protectmyid.com/scdor, it will ask for the activation code at the bottom of the page. That code is SCDOR123.
"What do we do if there is someone elderly or someone that does not have access to a computer? You can call that 800 number. They will walk you through it. They will do it for you. So you don't have to go and worry about not having a computer," Haley says.
Parents are also worried about their children, whose names and Social Security numbers are listed on their tax returns. Haley says, "Once you have signed up for that credit protection, you will get an email or a letter within the next few weeks where they have matched up the minors that were on those tax returns. The minors will also be covered. And they will make sure that they get you on a family plan, so there is no one that is not going to have the protection that they need."
She says the state is also working with the Department of Defense to make sure members of the military who filed a South Carolina tax return and may be out of the country will know what's happening and what to do.
There was also a lot of criticism over the weekend from people wondering why they weren't notified about the breach until October 26th, when the Department of Revenue found out about it on October 10th.
State Law Enforcement Division Chief Mark Keel says, "The timing of notifying the public and making this public was dictated by law enforcement. It was done because we were conducting an investigation. We were trying the best we could to try and protect this information, as much as we possibly could and, by allowing us the time that we had to conduct our investigation, we believe that this information is better protected than it would have been otherwise."
He wouldn't give any more details about the investigation since it's still going on.
Many taxpayers have also wondered why the Department of Revenue didn't encrypt Social Security numbers. Haley says, “The industry standard is that most Social Security numbers are not encrypted. A lot of banks don’t encrypt. A lot of those agencies that you think might encrypt Social Security numbers actually don’t because it’s very complicated, it’s cumbersome and there’s a lot of numbers involved with it. So it’s not just that this was a Department of Revenue situation; this is an industry situation.”
She says the hole that the hacker or hackers used has been plugged, and the state is taking a look at the computer systems of all state agencies to look for vulnerabilities.
You may remember that, back in February, we told you that foreign hackers, mostly from China, had tried at least 90 times to hack into the Department of Motor Vehicle's database. The cyber-security measures at the DMV were able to block all of those attempts.
Posted: October 26, 2012
An estimated 3.6 million Social Security numbers and 387,000 debit card numbers were exposed to international hackers. The South Carolina Department of Revenue's website was hacked multiple times in 2012.
Rob Godfrey with the Governor’s Office confirms that Governor Nikky Haley, SLED Chief Mark Keel, and other State Officials will hold a 10 a.m. statehouse news conference on the security breach Monday.
The state says they will provide 1 free year of credit monitoring for anyone who has had their information compromised. 7 On Your Side Wants to know if this is enough.
Expert Brent Bishop from CredAbility says Experian is the company who will be monitoring your credit and they are one of the three biggest agencies.
Bishop says you can take your safety a step further too. You can put a freeze on your credit information so only agencies or banks that you want to see the information can do so. A company that wishes to do a credit check will need your permission.
"If there was a change in the report or a new inquiry or something, it would be able to send a email or text alert, so the person could check or follow up on it," said Bishop.
A fraud alert will also allow your purchases to be monitored so if someone makes a charge that's abnormal, you'll be notified.
Bishop says it's a good idea to check your accounts regularly, even daily, to make sure no one is charging, even something small, with your money.
"Maybe a few smaller charges got through and so they start realizing they can start trying the bigger ones later on. These guys are good at what they do and very smart," said Bishop.
Jana Durham is a victim of identity theft and had her credit card number stolen twice since April. She warns anyone who might be impacted to get the free monitoring.
The state says anyone who has filed a South Carolina tax return since 1998 should take the following steps:
1. Call 1-866-578-5422 where you will enroll in a consumer protection service. The call center is open 9 a.m. to 9 p.m. Monday through Friday and 11 a.m. to 8 p.m. Saturday and Sunday.
2. Then you will determine if you wish to have an online or US Mail alert mechanism.
3. For the online service, click here. For the US Mail service, you will receive notifications via the US mail.