Circuit Judge G. Thomas Cooper Jr. said the lawsuit had failed to prove Gov. Nikki Haley and other government officials had harmed the public by conspiring to keep news of the hacking secret. The order also said the lawsuit couldn’t show that anyone had been harmed because of the breach.
“There is no injury that the court can currently remedy, as no actual harm has been alleged,” Cooper wrote.
Former state Sen. John Hawkins filed the lawsuit last year after officials announced that a cyber-thief had hacked into the state revenue agency’s servers, taking unencrypted data from more than 6 million residents and businesses in the nation’s largest hacking of a state agency.
Hawkins accused agencies of failing to protect taxpayers and conspiring to keep news of the hacking from the public. The data was extracted Sept. 13 – the last of several system intrusions since August. Jim Etter, who resigned as revenue director at the end of last year, has said state officials didn’t learn of the breach until Oct. 10, when the U.S. Secret Service informed state law enforcement.
Hawkins said he didn’t know whether he would appeal the ruling but that he would keep fighting the issue.
“Obviously, we’re disappointed, but this is an evolving area of the law,” the former Spartanburg Republican senator said. “Hacking is a relatively new phenomenon. Areas of the law have not caught up yet to the real meaning of what
hacking is in this new era we live in.”
Hawkins said he disagreed with the judge that there were no damages to taxpayers. He said the people whose information was stolen had already suffered irreparable harm.
Haley spokesman Rob Godfrey said the governor would keep finding ways to safeguard South Carolinians’ information against any future problems.
The Revenue Department has been approved for a $20 million loan from the state’s insurance reserve fund to pay for the government’s hacking response. The largest chunk of that – $12 million – has been paid to the credit bureau Experian, which is providing a year’s worth of state-funded credit monitoring to any taxpayers who sign up by the end of March.
Proposed legislation would extend that state-paid credit monitoring up to a decade.
Legislative panels have been investigating the breach. Last month, the revenue department’s former chief information officer accepted partial responsibility for the cyber-theft, questioning why his staff didn’t catch it and telling a House panel that he knew nothing about the hacking when he was forced to resign Sept. 21.