I’ve asked that before, and I am prompted to ask it again after seeing this release from the Sheheen campaign:
Two Years After First Hacking Breach, Sheheen to Haley: “You Broke the People’s Trust”
Sheheen demands honesty & accountability in letter to Governor Haley, calls for answers following continued reports of South Carolinians’ information being in jeopardy
Camden, SC — Today Sen. Vincent Sheheen sent a letter to Governor Haley, exactly two years after a malicious email opened a hole in the Department of Revenue that allowed 3.4 million people’s Social Security Numbers to be stolen.
The text of Sen. Sheheen’s letter is below.
August 13, 2014
Dear Governor Haley,
I write today to demand honesty and accountability for the people of South Carolina.
Two years ago, weak cybersecurity measures at the Department of Revenue allowed a malicious email to open a hole for a hacker to steal our citizen’s most private financial information. The people of our state demanded answers, and received no response, just a secret report. Less than one year ago, I wrote to you on the October anniversary about the safety and security of the people’s information to ask for answers regarding ongoing activities by Experian, and received no response.
Now, reports of an alarming nature have made headlines recently detailing an additional hacking at the credit-monitoring agency you handpicked to provide services to the people of South Carolina. CNN and TV stations here in South Carolina reported that not only was Experian hacked, but they also have been selling personal information of their members to third parties. So it’s time to demand answers once again.
After the Department of Revenue was hacked under your watch, the people of South Carolina were essentially forced to sign up for credit monitoring with Experian, the company which received a no-bid contract from you to handle credit monitoring. Now they are seemingly at risk once again because they trusted that the government had done its due diligence in securing the contract and negotiating the terms.
Leadership is about honesty and trust. When your Department of Revenue was hacked and you covered it up for 16 days, you broke the people’s trust. When you pushed through a no-bid contract with Experian, with no conditions to safeguard the people’s most personal information further, you broke the people’s trust. Every day you refuse to make public the secret report on what happened rather than being open with your constituents – you break the people’s trust. And as our citizens’ information is at risk yet from another breach, we have to read about it in the news once again before the people of South Carolina hear it from you.
South Carolinians deserve to know whether the contract you negotiated allows Experian to sell their personal information to third parties. They deserve to know if they are at further risk from the subsequent hacking of the company. Most importantly: the people deserve to hear about these events straight from their Governor and they deserve real answers instead of having to rely on passing reports in the news.
Because honest leadership is also about accountability– about putting our people first, and always being on their side. At every step in this hacking crisis, from the initial delay in informing the people to still refusing to release the final report on what happened, your administration has chosen to operate in secret and you have failed the most basic test of leadership. That is unacceptable. The people of South Carolina deserve much better.
This latest development in the Department of a Revenue hacking scandal is just the latest example in the long pattern of secrecy in your administration and it is beyond disappointing. The people of South Carolina deserve a governor they can trust.
I have written to the CEO of Experian asking for a full accounting of who in South Carolina is at risk due to the additional hacking. I have also requested clarification on the terms under which they are allowed to sell our people’s most personal information to share with the public so they are fully aware of where things stand.
I hope that you will not stand in the way of transparency and honesty any further as we continue to restore the broken trust and damage of the Department of Revenue hacking scandal.
I’m pretty sure that in these two years, I haven’t seen a single report of anyone who has been harmed by the hacking. Which is weird.
Until I do, or rather, until all of us do, Vincent is unlikely to get much traction with voters on this in Anno Domini 2014. I think there was a good bit of general harrumphing when we first learned about it, but time passed, and we heard no horror stories. And, to my knowledge, none of us personally experienced any harm, or even serious inconvenience, as a result of the breach.
So as an issue at this time, it seems rather a dud.
I’m not saying it’s good that we were hacked, and I’m certainly not saying that those in charge did all that they could to prevent it. Obviously, they did not.
But the other shoe never dropped. Or rather, hasn’t yet.