On Friday, State Senate Finance Committee Chairman Hugh Leatherman (R-Florence) appointed four state senators to mount an inquiry into nearly 4.5 million state taxpayer records exposed in a September Department of Revenue cyber-security breach, which is currently under investigation by state and federal law enforcement officials.

After hearings over the last week left senators with more questions than answers, Leatherman tasked Republican S.C. Sens. Kevin Bryant of Anderson and Billy O’Dell of Abbeville to head up the new subcommittee, and Democratic Sens. John Matthews of Orangeburg and Darrell Jackson of Richland to look into the security lapse.

In a press release Friday, Leatherman criticized state Department of Revenue Director James Etter for only disclosing that business records may have been stolen in the security breach after senators pressed him on the matter at a hearing last week, “I don’t think any senator was satisfied with the answers we got,” said Leatherman, voicing his particular concern over elderly South Carolinians who may not be able to sign up for Experian credit monitoring on their own.

The compromised business records were not included in initial reports by state officials, who limited the scope of the breach to 3.6 million individual tax documents. In addition to the 657,000 business tax records revealed by Etter, Gov. Nikki Haley said this week that an additional 200,000 individual records not previously thought to have been a part of the security breach may have been taken, bringing the maximum number of South Carolina taxpayers affected by the breach to more than 4.5 million.

As investigators near completion of their report, on Thursday Haley backed off initial statements absolving the agency or its employees of any fault in the incident. Since those statements, reports have surfaced that described the attack as having compromised one particular Dept. of Revenue workstation and showed that DOR did not have the same security measures in place as other state agencies.

In addition to as much as $12 million for services by Experian, the state has also brought on legal and PR representation to assist in handling the fallout from the breach. The total cost for these services is not yet known. Risk management firm Dun and Bradstreet is providing credit monitoring services for S.C. businesses at no cost.