The South Carolina Department of Revenue (SCDOR) says it needs a $20 million loan to help pay off costs stemming from a cyber-attack on the agency’s database that compromised the sensitive information of more than 3.8 million tax filers.
SCDOR’s request comes before the Budget & Control Board on Wednesday morning. No state agency can borrow money without approval from the six-member, part-legislative, part-executive board. In all, SCDOR is requesting $20,170,000 to be used towards “addressing the security of its information technology infrastructure and the recent breach of its information technology systems,” according to documents filed with the board.
While neither SCDOR nor the Governor’s Office has released the full cost of the breach, it likely includes a $12 million contract signed with the credit agency Experian. State officials agreed to pay Experian for a free year of credit monitoring and lifetime credit protection services for all affected South Carolinians.
However, SCDOR has already indicated that it will also pay for several major upgrades to its network security, including a “multifactor authentication” system that costs at least $25,000. The state has also begun mailing notification letters to all South Carolinians affected by the breach, which will also likely become expensive when millions of letters are required.
The Department of Revenue received nearly $41.7 million in general funds last year.