Buy Now
SouthState Bank is facing numerous lawsuits after personal information about its current and former customers was exposed in a February data breach.
- File/Staff
top story
John McDermott
Our newsletter catches you up with all the business stories that are shaping Charleston and South Carolina every Monday and Thursday at noon. Get ahead with us - it's free.
X
Some businesses treat the personal information they collect like a family heirloom. They keep it forever.
It's proving to be a risky habit.
And it now appears a big regional bank with far-reaching roots in South Carolina is among the hoarders of financially delicate details about current and even past customers.
SouthState Corp. is facing a new lawsuit filed in federal court in Charleston that's seeking class-action status over a data breach that was discovered and disclosed more than two months ago.
Business
SC banker who helped build a Southeast juggernaut quietly exits
- By John McDermottjmcdermott@postandcourier.com
Christopher Hart, who lodged his complaint at the Four Corners of Law on April 12, was among thousands who recently received a notice alerting them that they're potential victims of an online heist that targeted "certain folders" on the company's network.
"We reviewed the files in these folders and on March 13 ... determined that one or more files contained your name, financial account number and Social Security number," SouthState said in the widely distributed form letter.
Hart was likely surprised by the mailing. His account was closed in 2014.
"Thus, SouthState Bank has retained his private information for nearly a decade longer than needed," his lawsuit alleged.
It's an issue that's cropping up more and more — despite a key rule of thumb from the Federal Trade Commission, which last fall required financial institutions to report breaches of unencrypted data in their possession.
Business
Fallout from SC tech firm's costly data theft isn't over yet
- By John McDermottjmcdermott@postandcourier.com
"Securely dispose of customer information no later than two years after your most recent use of it to serve the customer," according to the agency's recommendations.
The FTC added that the exceptions to its guidelines can include a legitimate business need or a legal requirement to keep the data — or if purging it isn’t feasible because of how it's being stored.
In Columbia, lawmakers filed a bill earlier this year that would set rules for businesses that are storing consumer information. The "technology transparency" legislation was then kicked over to the S.C. House Judiciary Committee for review.
Privacy advocates and cybersecurity experts for years have stressed that "data minimization" is the most foolproof defense against hackers.
“You collect this sensitive information: What do you do afterwards if you don’t need it for another purpose? You delete it, because if it’s deleted it can’t be breached," Jessica Rich, a former director of the FTC’s Bureau of Consumer Protection, said in a reportpublished in November by Fast Company.
A Charleston tech company learned a harsh lesson about the merits of ditching old information about customers after a costly 2020 network invasion that's still being litigated in federal court. In settling its complaint against Blackbaud Inc. earlier this year, the FTC said it found "reckless security retention practices" cost the Daniel Island company more money — and unnecessarily exposed information about ex-clients — "by hoarding reams of data that it did not reasonably need."
SouthState declined to comment on its breach last week, citing the newly filed litigation. In addition to the Charleston complaint, about 10 other similar cases have been added to the court docket this month in Florida, where the bank's parent company is headquartered.
Most of the lawsuits expressed concerns about the data being marketed for sale on the "dark web" to identity-theft scammers who could use it to take out loans under a victim's name or for other nefarious financial purposes.
Business
SC bank customers are being notified about data breach earlier this year
- By John McDermottjmcdermott@postandcourier.com
"Such fraud may go undetected until debt collection calls commence months, or even years, later," according to a lawsuit Blythewood resident Latonya Gore filed over the SouthState breach.
The publicly traded bank said in filings with investors and stock-market regulatorsthat it detected "unauthorized access" to its network around Feb. 6 and reported it to government authorities, as required, and to law enforcement.
"The company is conducting a thorough investigation and a cybersecurity firm has been engaged," SouthState said.
In an update last month, the bank said the breach had "a significant impact on certain" operations but that it had "contained the impact." It also determined that it needed to alert anyone whose data was possibly stolen.
SouthState hasn't disclosed how many accounts were compromised or other details about its investigation. It said it's taking steps to strengthen its data security network.
Based in Columbia until 2020, SouthState is among the largest banks in the Palmetto State, where its origins reach back to a pair of lenders formed during the Great Depression in Charleston and Orangeburg. About 80 of its roughly 250 branches are in South Carolina.
In its notification letter, the bank offered affected current and former customers a free one-year membership with an ID-theft prevention service. One of the complaints described that as "wholly inadequate."
All of the lawsuits are seeking additional compensation, including restitution, interest, unspecified financial damages and money for legal expenses.
Sign up for our business newsletter.
Our twice-weekly newsletter features all the business stories shaping Charleston and South Carolina. Get ahead with us - it's free.
Contact John McDermott at 843-937-5572 or follow him on X: @byjohnmcdermott
John McDermott
- Author twitter
- Author email
Similar Stories
Apartments coming to Park Circle area of North Charleston this year
The Beach Co. plans to complete four apartment buildings by October with prelease starting this summer for its newest community, The Assembly in Park Circle. Read moreApartments coming to Park Circle area of North Charleston this year
Charleston real estate CEO tops in SC on annual billionaires list
Also, an investment analysis firm sees more upside for Blackbaud Inc.'s latest buyout offer. Read moreCharleston real estate CEO tops in SC on annual billionaires list
Retailer with SC stores files for bankruptcy, announces 95 closures, possible sale
NEW YORK — E… Read moreRetailer with SC stores files for bankruptcy, announces 95 closures, possible sale
Marriott-flagged hotel is being proposed for a Charleston suburb
A North Carolina-based developer is looking to build its second hotel on Orleans Road near Citadel Mall in West Ashley. Read moreMarriott-flagged hotel is being proposed for a Charleston suburb
Editor's Picks
top story editor's pick
New rental homes by nonprofit may be the silver lining in Chicora-area housing crisis
top story editor's pick
‘Lost in the jungle’: Mexican authorities consider Charleston man missing, not dead
top story editor's pick
Should I tip when my bill includes service fees? What to know about restaurant surcharges
top story editor's pick
North Charleston poised to become latest South Carolina city with hate crimes law
, Post and Courier, an Evening Post Publishing Newspaper Group. All rights reserved. | Terms of Sale | Terms of Use | Privacy Policy