COLUMBIA, S.C. (AP) - Democratic Sen. Vincent Sheheen tried Thursday to force Republican Gov. Nikki Haley’s administration to release the full report on how millions of taxpayers’ personal data was stolen in 2012, saying people deserve to know.
But the idea drew opposition from State Law Enforcement Chief Mark Keel, who said disclosing the details would hurt the ongoing investigation. The U.S. Secret Service also opposes the release, he said. Keel declined to discuss the case or anything in the report.
Sheheen’s budget amendment was eventually thrown out on a technicality after senators refused to kill it. Republican Lt. Gov. Glenn McConnell cast that tie-breaking vote. Senate Judiciary Chairman Larry Martin accused Sheheen of playing politics with a law enforcement matter. Sheheen, from Camden, is challenging Haley in November.
“You ought to start that off with ’I’m Vincent Sheheen and I approved this message,’” said Senate Majority Leader, R-Gaffney.
Sheheen’s proposal would have required the Department of Revenue to post an un-redacted Mandiant report on its website. The computer forensic firm was paid $750,000 to determine what happened and make technology recommendations. Haley released a public summary of Mandiant’s findings in November 2012, a month after announcing the nation’s largest hacking of a state agency.
Sheheen said that’s not good enough. It’s understandable to withhold information for a few months amid security improvements, but not 20 months later, he said.
“The people whose information was hacked into deserve to know what happened,” he said. “Openness and transparency trump other arguments. While I respect law enforcement, law enforcement tends to want to keep things secret more than elected leaders should follow.”
The U.S. Secret Service made state officials aware of the hacking from electronically filed tax returns. The cyber-thief stole unencrypted data from 3.8 million adults, 1.9 million of their dependents and 700,000 businesses.
Sen. Brad Hutto said taxpayers need to know if the state is wasting nearly $50 million on unnecessary credit monitoring. He said he’s been told the federal government paid the cyber-thief not to sell the data, which explains why there’s been no apparent outbreak of identity theft, and the report could confirm that.
“It’s going to lead to embarrassment. It’s going to force someone to explain why they paid a terrorist, even if it’s a cyber-terrorist,” said Hutto, D-Orangeburg.
Both the House and Senate budget proposals include $6.5 million for a third year of state-paid credit monitoring services for affected taxpayers who choose to sign up. The state paid $12 million the first year under a contract Haley negotiated. Under a contract awarded to CSIdentity Corp. last September, the state is paying up to $8.5 million this year and can renew for $6.5 million annually for four consecutive years.
“Since we’ve gotten hacked, we’ve continued to throw good money after bad,” Hutto said. “Let’s just quit spending the money.”
During last year’s budget debate, Hutto called on Haley to reveal any knowledge of a ransom related to the cyber-breach. Her administration directed all questions to SLED and the U.S. Secret Service, which declined comment.
Martin seemed to confirm the idea as he argued against the report’s release.
“If people’s information had gotten out, we’d all raise a ruckus, but what’s happened though - whatever steps have been taken by our federal government - they were able to keep this information from getting loose,” he said at the podium. “I think our information has been preserved.”
He later told reporters he knew no details and had not seen the report. Legislators can view the report in Haley’s office if they sign a confidentiality agreement. All five members of the Budget and Control Board have the report and have agreed not to disclose anything, according to Haley’s office. The five-member board chaired by Haley includes Senate Finance Chairman Hugh Leatherman, R-Florence.
He opposed the report’s release.
“If there’s people identified in that report, I wonder if there’s anything that would tip off the hackers who are being investigated by Secret Service,” he said. “I don’t want to give the criminal a heads up.”
Please read our comment policy before commenting.