Governor Nikki Haley updated South Carolina residents on the security breach on the state Department of Revenue again Wednesday.
She said starting Friday there will be online monitoring for the approximately 657,000 businesses that may have been impacted by what experts call the largest cyber-attack against a state tax agency in the nation. The hackers were able to access state EINs or (Employer Identification Numbers) assigned to businesses.
Dun & Bradstreet Credibility Corp. is launching free credit reports for all South Carolina businesses. The website says the monitoring services will be live Friday, November 2nd. Businesses can also call 1-800-279-9881 at that time.
"They are going to do credit monitoring in real time and contact businesses if anything changes, at no charge for life of business," Haley said.
Haley adds Dun & Bradstreet Credibility Corp. are not charging the state for the service.
3.6 million tax returns from as far back as 1998 were hacked in South Carolina. Last week, state officials announced that someone overseas had hacked into the Department of Revenue's computer system in September and personal information belonging to state taxpayers could be in jeopardy.
The state contracted with Experian, a credit monitoring company, to give taxpayers a free service for one year and fraud resolution protection for life.
Haley said as of Wednesday, Experian has received 620,000 phone calls about the hacked returns. 418,000 people have enrolled with Experian. The state's deal with Experian is capped at $12 million.
Governor Haley was joined by SLED Chief Mark Keel and DOR Director Jim Etter at Wednesday's news conference at the State House.
Etter told reporters that the computer systems have not been updated since the 1970's, but the DOR was in the process of replacing them.
"We've been in process since 2006 to upgrade our system. It takes a long period of time with our old Legacy system and update to the new technology," Etter said.
When asked if newer computers could have prevented the hack, both Etter and Haley said no.
Meanwhile, Wednesday, a class action lawsuit was filed by former Sen. John Hawkins, a Spartanburg lawyer, on behalf of others. It accuses DOR officials and Haley of failing to "expeditiously" disclose the breach and to encrypt the data exposed to the hacker.
When asked about the suit, Haley said, "There's a trial lawyer with a hand out and a tissue ready at any turn, and he just proved that."
The Greenville News reports the lawsuit seeks a determination of whether Haley and DOR violated the law and if so are liable for a fine of up to $1,000 per person whose records were exposed.
State officials were notified of the breach on October 10 but did not disclose it until last Friday, saying they needed to develop their investigation more.
The state has already paid $125,000 to Mandiant, which is investigating how the breach of the Department of Revenue's servers happened and how to protect the state's online systems in the future.
Tuesday we learned the hacker had to have certain credentials to get into the agency's computer system. Etter said 250 employees have those codes.
"We safeguarded the citizens of the state," said Etter. "We made a decision that was in the best interests of the citizens."
When asked about the investigation Wednesday, Haley said they were not allowed to discuss it.
For individual taxpayers who have yet to sign up for the Experian service, go to www.protectmyid.com/scdor and enter the activation code SCDOR123 (make sure you use all capital letters). Make sure you hit the "logout" button at the top right hand corner of the screen before trying to create another account.
You have until January 31, 2013 to sign up for the personal service. Haley says there is not a deadline for the business sign up.
The AP contributed to this report.