COLUMBIA — People affected by the massive hacking of South Carolina’s Revenue Department servers are being offered another year of free credit monitoring. But they’ll have to sign up again, this time with a different company than the state used previously, as officials outlined on Tuesday.
Enrollment begins next week for protection through CSIdentity Corp. South Carolina is paying the Texas company up to $8.5 million to provide credit monitoring to people affected by the September 2012 theft of unencrypted information from the Revenue Department’s computer servers.
Credit bureau Experian had been doing that work for nearly 1.5 million people under a $12 million contract. Handled as an emergency situation, that contract was signed without competitive bidding.
Everyone affected by the hacking is eligible for CSID’s services, but the service will not transfer, so they’ll have to sign up again. During a news conference at the Statehouse, Gov. Nikki Haley said that she’s received no pushback from people frustrated at having to sign up a second time.
“No complaints so far. I don’t anticipate any,” Haley said. “People are thankful that we are continuing the protection.”
During the past year’s budget debate, legislators were critical of Experian’s after-the-fact notifications of opened credit accounts. They sought better protections and designated $10 million for the first year of a five-year contract.
People interested in the service can call CSID at 855 880-2743 or visit www.scidprotection.com.
CSID President Ross said telephone landlines throughout the state will receive automated telephone messages with sign-up information, and the company is taking out radio and newspaper ads throughout the state.
“We are highly motivated to get the message out,” Ross said.
Part of that motivation hinges on the fact that, under the contract, CSID’s fee is tied to user sign-ups. The $8.5 million figure is the maximum the company could be paid, and Ross said he expected sign-ups to be on target with Experian’s numbers.
Unlike the deal with Experian, taxpayers have a full year to sign up with CSID, as late as Oct. 1, 2014. The service would end for everyone on Oct. 31, 2014, unless the Legislature funds a third year in the 2014-15 state budget. The contract allows the state to renew yearly through October 2018, at a cost of $6.5 million annually.
CSID’s service differs from Experian in that it monitors a variety of databases for fraudulent use of personal information, including payday loans, sex offender registries and online chat rooms where cyber-thieves sell and buy information.
Addresses will be monitored to catch the possibility of mail being fraudulently redirected, while court documents will be tracked in case criminals use an enrollee’s stolen ID when they’re arrested. The tracing of Social Security numbers should alert enrollees to someone creating a false address or alias using their information.
Like Experian’s Family Secure program, CSID also offers the protections for children. There are also different protections for businesses.
The U.S. Secret Service is investigating the hacking. No arrests have been made, and no new information on the incident has been released in months.