Class-Action Says Haley 'Grossly Negligent' in Hacking
By Sarita Chourey
Morris News Service
November 1, 2012 — COLUMBIA -- A former state legislator has filed a class action lawsuit against Gov. Nikki Haley and the S.C. Department of Revenue, alleging the state failed to protect the citizens from having their personal information exposed in a database hacking.
On Friday Haley and other officials announced that 3.6 million Social Security numbers had been exposed when an international hacker broke into the state system.
Since then the hole has been plugged, said the Republican governor, and a hotline has been put into place to allow taxpayers to sign up for free credit monitoring and fraud resolution. A Senate committee met on Tuesday to question the revenue department head, James Etter, and expressed possible solutions.
On Wednesday, former state Sen. John Hawkins' law firm announced its class-action suit, which was filed in Richland County Court of Common Pleas.
"This hacking amounts to a 'Cyber Hurricane,' and it's a Category 5," said the former Republican lawmaker in a statement.
"Tragically for the people of South Carolina, there were cost effective, non-cumbersome steps that could have been taken by these defendants. But for whatever reason, they were not. The basis of this lawsuit is that the defendants were grossly negligent in their failure to prevent what they should have seen coming, and that they failed to notify the public of the breach in a timely manner."
Haley has said the hacking could not have been avoided and no state employees are facing disciplinary actions.
South Carolinians who had paid taxes since 1998 were urged to call an 866 telephone number and visit a Web site to sign up for credit protection at the taxpayers' expense.
State officials have negotiated a contract with Experian, capped at $12 million, for credit protection. Officials defended their decision to wait 16 days before notifying the public of the beach by saying the disclosure would have hindered the investigation.
On October 16, investigators discovered two attempts to hack the system in early September, and later learned that an earlier attempt was made in late August, according to the revenue department.
The agency said Friday that there had been two other breaches in mid-September, "and to the best of the department's knowledge, the hacker obtained data for the first time."
Although the current attack is being blamed on an international data thief, an incident earlier in the year was tied to a state employee.
In April, the S.C. Department of Health and Human Services discovered that an employee working within the Medicaid program had moved the personal information of 228,435 Medicaid beneficiaries into his personal email account.
This story submitted from Chourey, Sarita using email address email@example.com