$20 Million Loan to Cover Breach Costs
South Carolina Lawmakers React with Slew of New BillsThe five-member South Carolina Budget and Control Board has approved a $20.1 million loan to cover costs associated with a breach of the state's tax IT system that exposed personally identifiable information of nearly 4 million taxpayers last summer.
See Also: How to Take the Complexity Out of Cybersecurity
The loan to the Department of Revenue will come from the state Insurance Reserve Fund and is to be repaid by next October, according to a report on the news website GreenvilleOnline. The board expects the money to be repaid by the Legislature.
Meanwhile, state legislators plan to introduce bills associated with the breach, including two measures that would provide state income tax credits or deductions to buy identity theft protection and another to create a state chief information officer post, according to a posting on the website of The State newspaper.
And, a poll conducted for the newspaper by Winthrop University reveals that three of four South Carolinians said the state government did not have adequate protection when hackers accessed state computers. The survey disclosed that 90 percent of South Carolinians had heard about the breach, an unusually high number based on typical news-gathering habits, Winthrop political scientist Scott Huffmon told the newspaper.
The hack has taken a toll on Gov. Nikki Haley's popularity, according to the poll. Only 38 percent of the nearly 1,000 South Carolinians surveyed gave Haley a favorable rating. "It is more likely for those who disapprove of Haley to assign blame for failing to adequately secure the data to the South Carolina government for whom Haley is the public face," Huffmon said. Since the hack, Haley has held a number of press conferences, which are posted on her YouTube channel, discussing the state's response to the breach.
Divvying Up the Loan
Among the expenses the loan would cover include:
- $12 million for contract with Experian, which is providing credit monitoring for a year to individuals whose personally identifiable information was exposed.
- $5.6 million for encryption and dual passwords at the Department of Revenue, which hosts the tax system.
- $1.3 million for direct mail notification of taxpayers.
- $750,000 for the services of Mandiant, the cybersecurity firm hired by the Department of Revenue to investigate and fix the breach.
- $300,000 for the law firm of Nelson Mullins, which provided legal advice to the Department of Revenue.
- $200,000 for public relations work by the firm of Chernoff Newman of Columbia, S.C.
- $20,000 for the electronic searching of taxpayers living outside South Carolina.
The breach, which occurred last summer but wasn't discovered until October, exposed 3.8 million Social Security numbers, 3.3 million bank account numbers and information from almost 700,000 businesses [see Stolen Password Led to South Carolina Tax Breach ].