NELSON MULLINS - a law firm representing South Carolina in the aftermath of a massive cyber breach now says no competitors were contacted before South Carolina reached a $12 million no-bid contract with Experian.

Attorney Jon Neiditz of Columbia firm Nelson Mullins said the confusion over whether the firm had contacted other credit monitoring companies resulted from an unclear statement made by another attorney.
The Revenue Department reached an initial agreement with Experian just before the breach affecting millions of current and former S.C. taxpayers was first announced publicly on Oct. 26.

EXPERIAN is providing a year of credit monitoring for taxpayers and dependents as well as lifetime credit fraud resolution.

The confusion over whether Nelson Mullins ever reached out to Experian competitors began at an Oct. 30 Senate Finance Committee hearing.

Revenue Department Director James Etter correctly told senators that no other companies were contacted besides Experian.

But Nelson Mullins attorney Thad Westbrook immediately followed up and told senators that pricing was obtained from two other firms but Experian had the ability to scale up quickly in an emergency situation.

Weeks after the hearing, Revenue Department spokeswoman Samantha Cheek named the other two companies that Nelson Mullins had obtained estimates from as Citreas and Identity Force.

Obtaining pricing information from Experian competitors and examination did not include reaching out to them.

Neiditz said he had pre-existing pricing information from various cyber security companies and knew Experian could offer the best deal. The leaders of other firms have disputed that assessment.

Neiditz said Monday that Westbrook’s statement during the hearing caused confusion.

“It wasn’t clear,” Neiditz said.“It led to the impression that other companies had been contacted. I mentioned those vendors to him.”

Some senators have expressed concerns about the state’s no-bid contract with Experian.

Anderson GOP Sen. Kevin Bryant said it’s worrisome that no other companies were approached following the breach.

Normally, state contracts are struck following a request for proposals from various companies.

The law states “competition as is practicable shall be obtained.”

Neiditz recommended Experian to his firm, which then recommended Experian to the state. Nelson Mullins is being paid an estimated $100,000 for its work assisting the state.

Neiditz said he actually considered 20 vendors, not just Experian and two competitors as Westbrook and Cheek said, but never contacted any of them before deciding on Experian.

He said he first contacted Experian on Oct. 23, three days before the breach was announced.

Experian was first contacted on Oct. 25. The Secret Service alerted state officials to the breach on Oct. 10.

Experian already had a contract worth about $750,000 with the S.C. Department of Health and Human services after a breach of Medicaid patient information announced in April. That deal also was reached using the emergency law.

The CEOs of Citreas and Identity Force said earlier this month that their pricing would have been competitive with Experian and their services would have been superior in some ways.

Bryant questions that logic, saying vendors likely would have been beating down the state’s doors and possibly could have provided a better deal with the potential for millions of future customers in mind.

http://www.postandcourier.com/article/2012112...