Former SC CIO says logs should have caught hacker
Thu, 07 Feb 2013 23:45:40 GMT —
COLUMBIA, S.C. (WACH, AP) -- The former chief information officer of South Carolina's revenue agency has accepted partial responsibility for the cyber-theft of millions of taxpayers' personal data, even while questioning why his staff didn't catch it.
Mike Garon told a House panel Thursday he knew nothing about the hacking when he was forced to resign Sept. 21, a week after the thief removed data from the agency's computer servers. It marked the first time Garon has spoken about the debacle.
Experts hired by the state say the hacker likely gained access Aug. 13 through a phishing email. The thief then repeatedly roamed the system before removing the data.
Garon says employees should have caught that activity through computer logs. He says either security procedures were inadequate or weren't followed.
"If it was not possible to detect what was going on because the logging systems were not adequate on our part, then I will take responsibility for that," Garon said. "But if the logs were adequate, then I'm concerned that I have to take accountability for my staff not executing the procedures they should have executed."
Lawmakers also criticized the DOR for not sending a representative to the meeting. The next hearing is expected to be held later in February.