Editorial | Hack’s Bad Enough, but State Response Made it Worse

November 8, 2012 

Our focus for the past couple of weeks has largely been on Tuesday’s election, but we’d be remiss if we didn’t mention the other enormous story that’s hit our state: the unprecedented breach of state tax data. The massive scandal exposed millions of taxpayers’ information to an unidentified foreign hacker, who authorities have little chance of catching. But as frustrating and disturbing as the crime itself is, the bungled response and unfortunate communication decisions by Gov. Nikki Haley and others in charge have only exacerbated the issue and multiplied that frustration.

To begin with, the governor announced this, a colossal story that affects every South Carolinian, after lunch on a Friday, a time journalists have always been suspicious of, as it’s traditionally reserved for dumping bad news in the hope that reporters won’t have time to follow up on it before the weekend. This scheduling wasn’t because the state had just noticed the problem and were rushing to get the information out as soon as possible. No, the governor had waited a whole 16 days to let everybody in the state know that their sensitive information could be in the hands of a foreign hacker. That delay has already prompted at least one lawsuit.

But don’t worry, we were told. You can immediately sign up for free credit monitoring. The only problem: Whoever set up that system apparently had no idea that hundreds of thousands of us would actually be interested in it. The phone lines immediately jammed that Friday afternoon, putting thousands on hold while others couldn’t get through at all. What’s worse is that much of that frustration could have been avoided with a simple addition to the press release. The only reason many callers were on the phone was to get the activation code for the ID theft website. A bit of forethought would have prevented at least some of the jams. Publicizing that code (SCDOR123) from the beginning could have routed many of us straight to the website rather than tying up phone lines just waiting to learn it.

It was particularly galling for Haley to turn around a couple of days later and blame the media for tying up those phone lines. First of all, we’re citizens of this state too, and we have just as much concern about our identities being stolen as any other taxpayer. Second of all, given the size of the state’s media, a very generous estimate would put the number of reporters calling the hotline for stories at no more than a few dozen statewide. If the system (which was supposed to help 3.8 million affected residents) wasn’t set up to handle even that small number, something was seriously miscalculated.

As for the credit monitoring itself, state senators asked a good question as more details continued to trickle out. Why is the state even requiring residents to sign up for monitoring on their own? Many seniors (who can be particularly vulnerable) may not have Internet access or feel comfortable now giving their information out online. Why not just have the state automatically sign up everybody who was affected? The current solution seems to favor those who are Internet savvy and leave out in the cold anybody who hasn’t paid attention to the news in the past week or doesn’t have a computer.

We’ve also seen either a lack of communication or miscommunication by those responding to the breach. Even after waiting more than two weeks to publicly reveal the hacking, the state still didn’t have all the information about its full extent at hand. While frustrating, that’s understandable as the investigation continues into what is a theft of unprecedented size. What’s not understandable is being told not that information is still coming in, but being fed incorrect information. After first saying that businesses weren’t affected, for example, we were told last week that yes, in fact more than 600,000 of them were affected.

We also found out days later that the hacker used agency credentials to gain access to the information. And we found out just Tuesday that 200,000 more taxpayers than initially reported could be affected. All of this information is coming out in drips, day by day, which doesn’t inspire much confidence. It leaves us wondering what bad news is coming next.

Also not inspiring much confidence has been Haley’s unprofessional demeanor throughout. Though her frustration is understandable, we want reassurance and calm leadership, not angry calls to “brutalize” the hacker and “slam him into the wall.” As for her reason that all of the state’s tax info wasn’t already encrypted – “It’s very cumbersome. There’s a lot of numbers involved with it.” – really? Perhaps she would have been better served by actually taking some of the calm talking point advice that the state paid a PR firm $150,000 to provide.

Still, Haley deserves at least some slack. An issue of this size is unprecedented, and just as in any investigation, new information surfaces periodically. That’s just a reality. If this were combat, we’d call it the fog of war. But at least when it comes to communicating the current situation to residents, the whole thing has been handled spectacularly badly. When our confidence in the state to safeguard our information has already been knocked on its heels, fumbling and bumbling the response certainly doesn’t help restore that confidence.

Myrtle Beach Sun News is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service