An Upstate law firm has expanded its class-action lawsuit to include two new defendants, another state agency along with a data security corporation, in connection with a hacking case that resulted in theft of 3.6 million Social Security numbers.
The Hawkins Law Firm filed the initial suit Oct. 31 in Richland County against South Carolina Gov. Nikki Haley and the state Department of Revenue, accusing Haley and the state tax agency of failing to protect the citizens of South Carolina and violating a state law that requires prompt disclosure of breaches.
On Monday, the suit was expanded to include defendants' private corporation Trustwave, a Delaware-based company, and the Department of State Information Technology (DSIT).
Attorney John Hawkins said as more information was made known Friday that the tax agency used Trustwave for its security monitoring services in lieu of DSIT, more people needed to be held responsible because the case was no longer just about suing state government.
Hawkins said the lawsuit against Trustwave shows that not only did their company fail to protect public data, but it failed to notify the public immediately as required by state statute. He told FOX Carolina that DSIT served as the "back bone" of the revenue's system, which Trustwave was to protect.
"The public is forced with threat of jail to pay taxes and give their personal information to SCDOR, and yet SCDOR took only the flimsiest steps to protect this private data, leaving South Carolina the most vulnerable target for hackers of any state in the Union," Hawkins said.
According to the revenue department, they used Trustwave because DSIT's program did not audit PCI compliance, which is required for use with credit card numbers. According to Hawkins, PCI compliance does not apply to social security numbers and is not an excuse for the tax agency to use more robust and readily available security systems, like those offered by DSIT.
FOX Carolina received the following statement from Trustwave about the lawsuit: "Trustwave policy is not to comment on pending legal matters."
Haley, along with Department of Revenue Director James Etter and State Law Enforcement, announced Oct. 26 that an international hacker had breached tax records.
As a result of the hack, approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers were accessed along with tax information for thousands of South Carolina businesses.
According to Etter's initial release, investigators discovered that a hacker attempted to access the system several times in August and September. The statement said it is believed the hacker successfully obtained data for the first time in mid-September.
The statement said "the vulnerability in the system" was secured to the best of the department's knowledge Oct 20. According to a letter from DSIT released Friday, the revenue department began using their network monitoring services Oct. 20.
The state has set up a year of daily monitoring of the three credit bureaus and a lifetime of over-the-phone help on resolving identity theft after it happens. People are asked to visit protectmyid.com/scdor and enter code SCDOR123 or call 1-866-578-5422 to determine if their Social Security number was accessed.
Haley said Wednesday that Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. She said the businesses can sign up for the service at dandb.com/sc or by calling 800-279-9881 beginning at 8 a.m. Friday.
Copyright 2012 FOX Carolina (Meredith Corporation). All rights reserved.
Friday, August 22 2014 11:40 PM EDT2014-08-23 03:40:39 GMT
Officials with the Charleston Police Department say a 15-year-old is in custody after he got rid of a gun at the Altman Athletic Center at The Citadel during the Sertoma finale. Police say it all started when a citizen told them someone had a gun. More >
Officials with the Charleston Police Department say a 15-year-old is in custody after he got rid of a gun at the Altman Athletic Center at The Citadel during the Sertoma finale. Police say it all started when a citizen told them someone had a gun.
A fisherman off the coast of Bonita Springs, Florida thinks he has a pretty nice catch. As he reels in a four-foot shark, his catch is stolen by an even bigger fish. A massive grouper pulls the sharkMore >
A massive grouper steals a four-foot shark from a fisherman's line off the coast of Florida.More >
Saturday, August 23 2014 2:08 AM EDT2014-08-23 06:08:06 GMT
The Homeland Security Department is warning that more than 1,000 retailers could have a new malicious software program lurking in their cash registers that allows computer hackers to steal financial data about...More >
More than 1,000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department said Friday.More >
Saturday, August 23 2014 12:04 AM EDT2014-08-23 04:04:44 GMT
Police in Sumter County are looking for a man wanted in the assault of a woman while she slept.The Sumter County Sheriff's Office is looking for Lashonda Dennis, 35, of Rembert. In May, a woman told deputiesMore >
Police in Sumter County are looking for a man wanted in the assault of a woman while she slept.More >