Class-action lawsuit expanded in SCDOR hacking case - FOX Carolina 21

Class-action lawsuit expands in SCDOR hacking case

Posted: Updated:
GREENVILLE, SC (FOX Carolina) -

An Upstate law firm has expanded its class-action lawsuit to include two new defendants, another state agency along with a data security corporation, in connection with a hacking case that resulted in theft of 3.6 million Social Security numbers.

The Hawkins Law Firm filed the initial suit Oct. 31 in Richland County against South Carolina Gov. Nikki Haley and the state Department of Revenue, accusing Haley and the state tax agency of failing to protect the citizens of South Carolina and violating a state law that requires prompt disclosure of breaches.

On Monday, the suit was expanded to include defendants' private corporation Trustwave, a Delaware-based company, and the Department of State Information Technology (DSIT).

Attorney John Hawkins said as more information was made known Friday that the tax agency used Trustwave for its security monitoring services in lieu of DSIT, more people needed to be held responsible because the case was no longer just about suing state government.

Hawkins said the lawsuit against Trustwave shows that not only did their company fail to protect public data, but it failed to notify the public immediately as required by state statute. He told FOX Carolina that DSIT served as the "back bone" of the revenue's system, which Trustwave was to protect.

"The public is forced with threat of jail to pay taxes and give their personal information to SCDOR, and yet SCDOR took only the flimsiest steps to protect this private data, leaving South Carolina the most vulnerable target for hackers of any state in the Union," Hawkins said.

According to the revenue department, they used Trustwave because DSIT's program did not audit PCI compliance, which is required for use with credit card numbers. According to Hawkins, PCI compliance does not apply to social security numbers and is not an excuse for the tax agency to use more robust and readily available security systems, like those offered by DSIT.

FOX Carolina received the following statement from Trustwave about the lawsuit: "Trustwave policy is not to comment on pending legal matters."

Haley, along with Department of Revenue Director James Etter and State Law Enforcement, announced Oct. 26 that an international hacker had breached tax records. 

As a result of the hack, approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers were accessed along with tax information for thousands of South Carolina businesses.

According to Etter's initial release, investigators discovered that a hacker attempted to access the system several times in August and September.  The statement said it is believed the hacker successfully obtained data for the first time in mid-September.

The statement said "the vulnerability in the system" was secured to the best of the department's knowledge Oct 20. According to a letter from DSIT released Friday, the revenue department began using their network monitoring services Oct. 20.

The state has set up a year of daily monitoring of the three credit bureaus and a lifetime of over-the-phone help on resolving identity theft after it happens. People are asked to visit protectmyid.com/scdor and enter code SCDOR123 or call 1-866-578-5422 to determine if their Social Security number was accessed.

Haley said Wednesday that Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. She said the businesses can sign up for the service at dandb.com/sc or by calling 800-279-9881 beginning at 8 a.m. Friday.

Copyright 2012 FOX Carolina (Meredith Corporation). All rights reserved.

More News

SIDEBAR - More stories on SCDOR hacking case

Updated:

More stories on the South Carolina Department of Revenue hacking investigation. More>>

Powered by WorldNow
Fox Carolina
Powered by WorldNow CNN
All content © 2014, WHNS; Greenville, SC. (A Meredith Corporation Station) and WorldNow. All Rights Reserved.
For more information on this site, please read our Privacy Policy and Terms of Service.