Blume: Revenue working to restore credibility

  • Posted: Tuesday, April 23, 2013 10:53 p.m.
    UPDATED: Tuesday, April 23, 2013 11:44 p.m.
12/20/10 Columbia, SC: Gov. Nikki Haley official portrait.
Photos by Renee Ittner-McManus/
12/20/10 Columbia, SC: Gov. Nikki Haley official portrait. Photos by Renee Ittner-McManus/

COLUMBIA — South Carolina’s tax collection agency is working to restore its credibility following last fall’s massive hacking of taxpayers’ personal data, its director said Tuesday.

“Our new mantra at the department – and you’re going to find this hanging on every door that’s available, and you can find this on every screen saver – is that ‘security is non-negotiable,”’ said director Bill Blume.

The encryption of taxpayers’ stored data and dual authentication for remote log-ins is complete, he said. Those are the two things that computer forensic firm Mandiant determined could have prevented the theft of millions of taxpayers’ Social Security and bank account numbers last September.

Other recommendations for preventing a future cyberattack are under way. All should be wrapped up by next summer, Blume said.

His progress report came during Gov. Nikki Haley’s Cabinet meeting. He gave no details on the incomplete work.

He said 24-hour monitoring by the state’s computer technology division resulted in two alerts last month, which were handled without the loss of data.

But Blume, who took the agency’s helm in January, said the greatest threat to security is employees’ judgment and actions. The hacking stemmed from an employee who clicked on a phishing email.

Steps taken to address that include employee training. Employees are also barred from using their computers during lunch or after hours for anything not business-related.

“Those two things have stopped a lot of the issues,” Blume said.

Haley told her other Cabinet directors to implement the same training and requirements for their employees.

“This is the blueprint our administration needs to use in every agency,” she said.

The cybertheft of unencrypted data from revenue’s servers represented the nation’s largest hacking of a state agency, affecting 6.4 million residents and businesses. The cleanup since state officials learned of the breach Oct. 10 from the U.S. Secret Service has cost $25 million so far, with the largest single contract of $12 million going to Experian to cover a year of state-paid credit monitoring for residents who signed up by last month’s deadline.

A bill approved by the Senate would extend credit monitoring for up to 10 years.

Other costs of the cleanup included $840,000 paid to Mandiant to, among other things, plug the security hole, determine what happened and make recommendations.

Encryption was recently completed under a $4 million contract. The extra login step for laptops was put in place in January, at a cost of just $12,000, which covered the licensing and purchase of about 300 tokens that provide ever-changing passwords, according to the revenue agency.

“We’ve got a credibility gap that I think we’re making good progress toward improving, but unless we can demonstrate that to everyone, we’ll still be behind the ball,” Blume said Tuesday.

Comments { }

Commenting rules: Do not post offensive, racial or violent messages. Responsibility for the statements posted lies with the commenter, not Click 'report abuse' for any comments that you feel should be removed from the site. However, is not obligated to remove any comment posted on the site. Moderators do not have the ability to edit comments. Read the terms of use.