S.C. law limits possible payouts in lawsuits over hacking to $600,000

  • Follow Metro

COLUMBIA — One lawsuit already has been filed against South Carolina’s revenue department over a hacking scandal that could affect millions of tax returns, and more litigation is expected – but even if the plaintiffs win, they could get just pennies apiece.

The reason: State law limits the amount that public agencies can be ordered to pay for negligence.

Last week, Gov. Nikki Haley and other officials announced that roughly 3.6 million personal South Carolina income tax returns had been put in danger after an international hacking attack. State officials later said that up to 657,000 businesses were also compromised in what some experts have said may be the largest ever cyber-attack against a state tax department.

On Wednesday, attorney John Hawkins – a former Republican state senator – sued Haley and Department of Revenue director Jim Etter for negligence. Hawkins said the state should have taken more steps to protect taxpayers’ information and called the hacking of millions of personal records a class-five “cyber hurricane.”

Haley, who opposed Hawkins’ attempt this year to regain his Senate seat, has discounted the lawsuit.

Hawkins wants class-action status and says he hopes to represent all taxpayers whose Social Security numbers and credit card information were compromised. It will be up to a judge whether to grant that request, and Hawkins says his office has already fielded 100 calls from people interested in joining up.

Since the 1980s, however, South Carolina law has limited the liability of public agencies in negligence cases to $600,000 per occurrence. This means that if a judge considered the hacking to have been a single event and 3.6 million individuals sued the Department of Revenue and won, their maximum takeaway would be just $0.16 apiece.

Hawkins says he has a good legal argument that the cap shouldn’t apply in this case but wouldn’t go into details Thursday.

Ken Suggs, a Columbia attorney who heads up his firm’s business litigation division, said getting around the cap could be difficult unless a judge rules that the word “occurrence” didn’t mean the hack itself but instead applied it to the days on which the thief actually used the stolen information.

Legal language aside, legislators have tackled the cap before. Last year, after dozens were injured and a 6-year-old boy was killed in the crash of a children’s train ride operated by Spartanburg County, state lawmakers considered allowing local governments to choose whether to pay out claims more than $600,000. Families argued that they faced mounting bills and were unfairly limited by the cap, which is imposed regardless of how many people seek to recover.

That bill died in committee, but similar legislation could resurface when legislators reconvene in January.

“I believe that it is worth us at least taking a look at it,” said state Sen. Vincent Sheheen, an attorney and Camden Democrat who lost the governor’s race to Haley in 2010. “You have to balance the cost to the state as a whole and to the very real injuries that the state sometimes inflicts on other people.”

Sen. Larry Martin, chairman of the Judiciary Committee that would consider such legislation, said he viewed the lawsuit as premature.

“There are a lot of things about this case that we still just don’t know,” said Martin, R-Pickens. “All of us as taxpayers are responsible. Whatever hit this is to the state, we’re going to somehow bear the cost for it.”


COLUMBIA — A credit monitoring service offered to taxpayers after a massive security breach at South Carolina’s tax collection agency will not prevent account fraud, nor will it alert victims to all types of identity theft.

The service will help victims discover more quickly when new credit accounts are fraudulently opened in their name. But consumer advocates say residents must be proactive, even after signing up for the Experian service.

Gov. Nikki Haley has repeatedly urged residents to sign up for ProtectMyID. The program provides daily monitoring of all three credit bureaus for the next year and lifetime advice in resolving identity theft after it happens.

ProtectMyID will alert customers via e-mail or text when a new credit account has been opened. It can’t track the fraudulent use of existing credit cards or bank accounts.

– Associated Press

Comments (5) Add comment
ADVISORY: Users are solely responsible for opinions they post here and for following agreed-upon rules of civility. Posts and comments do not reflect the views of this site. Posts and comments are automatically checked for inappropriate language, but readers might find some comments offensive or inaccurate. If you believe a comment violates our rules, click the "Flag as offensive" link below the comment.
OpenCurtain 11/02/12 - 09:00 am
Get off their backs

and let them investigate the cause, fix it, release their findings, and quit show boating for headlines and new clients.

OpenCurtain 11/02/12 - 09:10 am
Regarding the Lawsuit Cap

Remember it is YOU the TAXPAYER that foots the bill.
Also remember in class action lawsuits the lawyer gets between Half and 2/3's of every dollar collected.

So who is really is really hurting who?
The state law that caps lawsuits, or the Lawyers that suffer nothing and get 1/2 or 2/3's of the settlement and retire $millionaire$.

eg. John Edwards the lawyer, and later US senator and 2008 presidential candidate from NC. John Edwards sued the American Red Cross three times.

KSL 11/02/12 - 09:36 am
Has anyone actually been

Has anyone actually been damaged by the hacking yet?

Little Lamb
Little Lamb 11/02/12 - 09:36 am
New Number

Hey, I just got an idea. I recently had my credit card number stolen and some fraudulent charges put on it. The credit card issuer was johnny on the spot, voided the charges, and issued me a new card. I have had no problems since. Of course, the new card had a new number on it.

Couldn't they solve this problem by having the Social Security Administration issue new Social Security numbers to those affected?

OpenCurtain 11/02/12 - 10:18 am
Little Lamb - Issuing new numbers

would be a DATA correlation nightmare for US Gov, industry and commerce.

Judicial system,
Law Enforcement,
Credit reporters,
School records,
US ID laws,
Travel no fly lists,
Permits and possibly 100's more.

As much as I hate it and have protested the very idea.
Maybe it is time to have a National ID card system to protect privacy, us, drastically reduce illegal immigration hiring and ID fraud.

Considering we are 3/4's of the way there, as the last GA lic. requirements proved. But I could only be ok with it, IF the proper safe guards were in place and mandated as a UNCHANGEABLE bill of rights for citizens and use limits.

Back to Top
Search Augusta jobs