"This is not a good day for South Carolina," is how Gov. Nikki Haley began a Friday afternoon press conference with other state officials at SLED offices in Columbia.

"The state of South Carolina has come under attack by an international hacker," Haley said before explaining that 3.6 million Social Security numbers had been stolen and 387,000 credit/debit cards were exposed when a vast database maintained by the SC Department of Revenue was hacked into. Watch the video of Haley's press conference HERE.

Haley would not go so far as to call the security breach an act of terrorism, but did say it was international in nature. She did little to conceal her anger, saying she'd like the perpetrator(s) "slammed against a wall" or that she'd like to "kick him." Also at the press conference were SLED Chief Mark Keel, Mike Williams of the United States Secret Service, Jim Etter, Director of the South Carolina Department of Revenue (DOR) and Inspector General Patrick Maley.

Earlier in the day, WLTX reported the security breach but Haley said that report had nothing to do with timing of announcement, which came more than two weeks after officials realized a breach had occurred. Williams said the Secret Service learned of the breach on Oct. 10 and began informing the state's 16 agencies. Williams explained that officials could not go public with the breach because it had to achieve a number of "benchmarks" before doing so. Williams was not at liberty to explain what those benchmarks are.

Keel said the banking industry was secretly notified at the beginning of the investigation as required by state law, according to a Greenville News report Friday. The law also requires the public who are at risk to be notified. Keel told the paper investigators didn't know throughout the investigation if the data had been compromised.



The breach and data theft was reportedly discovered by the U.S. Secret Service on Oct. 10, officials said, but the first intrusion began in August. The data was stolen in September, officials told the paper.



Reportedly, none of the Social Security numbers were encrypted and officials said they are studying whether they can do that. However, said the paper, all but 16,000 credit card numbers were encrypted, a process designed to thwart identity thieves and data theft.

View a chronology of the security breach HERE.

Ironically, from the time the breach occurred to the time it was announced, Haley completed a review of nine state agencies and found them "in...compliance with sound computer security practices" according to WLTX. In response to the attack, Haley issued an executive order mandating a review of the information security systems of all of the state's agencies (see attached).