COLUMBIA — A former state senator has filed a class-action lawsuit against Gov. Nikki Haley and the South Carolina Department of Revenue, alleging the state failed to protect residents from having their personal information exposed in a database hacking incident.
The lawsuit was filed in the Richland County Court of Common Pleas.
On Friday, Haley and other officials announced that about 3.6 million tax returns from as far back as 1998 had been exposed when a foreign hacker broke into the state system.
State and federal officials are investigating the hacking they say might have started in August and was discovered last month. They say the vulnerability in the system was fixed Oct. 20.
“I believe it might actually be the largest against a state government, but certainly of a state tax department,” said Paul Stephens, of the Privacy Rights Clearinghouse based in San Diego.
“We’ve never heard of anything like this, so I think you can say that,” said Verenda Smith, the deputy director of the National Federation of Tax Administrators.
A Senate committee met Tuesday to question the revenue department head, James Etter, and discuss solutions.
On Wednesday, former state Sen. John Hawkins’ law firm announced its class-action suit.
“This hacking amounts to a ‘cyber hurricane,’ and it’s a Category 5,” the former Republican lawmaker said in a statement.
Haley, who opposed Hawkins’ attempt this year to regain his Senate seat, discounted the lawsuit.
“There is a trial lawyer with a hand out and a tissue ready at any crisis, and he has just proven that,” the governor said.
Haley has said the hacking could not have been avoided and no state employees are facing disciplinary action.
Officials defended their decision to wait 16 days before notifying the public of the breach by saying the disclosure would have hindered the investigation.
Anyone who paid taxes in South Carolina as early as 1998 was urged to visit www.protectmyid.com/scdor to register for protection and type in SCDOR123, or call (866) 578-5422.
State officials have negotiated a contract with Experian, capped at $12 million, for credit protection. As of Wednesday, 418,000 people had enrolled in a credit monitoring service the state offers through Experian.
The 3.6 million tax returns filed since 1998 included millions of Social Security numbers and about 387,000 credit and debit card numbers that were also exposed, 6,000 of those unencrypted. Tax information from businesses across the state may also have been accessed.