"It's way little, way too late," said State Representative James Smith . "The governor showed complete lack of confidence in responding to this."
Smith and Senator Vincent Sheheen, and other legislative Democrats took to the state house Thursday to put the governor and the Department of Revenue on notice: state leaders have to do more to protect citizens from a cyber attack on their personal information.
"What was the state of South Carolina supposed to be doing?" asked Sheheen. "We don't know the answer to that, we deserve to know the answer to that."
Both expressed frustration over the fact that it's taken nearly two months for the public to learn some of the intimate details about how the hack happened and who's responsible.
"So far, all we've seen is a bunch of ducking, dodging, weaving and excuse making," said Sheheen. "And that might work in politics, but when you've had 3.7 million people's information stolen, it's just not good enough."
Smith and Sheheen started their own investigation into the hack in October.
What they found: Jim Etter, the governor's pick to lead the revenue department, didn't do everything he could to protect his agency's networks.
He chose not to use the state's 24/7 network monitoring service that could have helped prevent the hack.
"If this were in the private sector and a company had done what our state government had been doing, they would either be in criminal court or they would be in civil court being fined incredibly," said Sheheen. "It's worse when your government treats you that way, as well. So, I have no faith that we wouldn't have heard of it when we did if the press hadn't begun to leak it."
Sheheen and Smith also talked about long-term help for taxpayers. They want the Legislative Audit Council to conduct an independent investigation of how the hack occurred and who's responsible.
The governor's spokesman says they've already asked for one, but Haley does not object to a second audit.
Sheheen and Smith want to give tax credits to offset costs to pay for credit monitoring. And they want to set up a state fund to pay for any losses taxpayers may have to pay as a result of the hack.