NY Business Council Reports Data Breach Impacting 47,000 Individuals
▼ Summary
– The Business Council of New York State suffered a data breach in February affecting over 47,000 individuals’ personal, financial, and health information.
– Attackers accessed BCNYS systems between February 24-25, but the breach wasn’t detected until August 4, nearly six months later.
– Stolen data includes Social Security numbers, financial account details, payment card information, and various medical/health insurance records.
– BCNYS has found no evidence of fraud or identity theft related to the incident but is offering free credit monitoring to affected individuals.
– The organization represents over 3,000 member companies and associations employing more than 1.2 million New Yorkers.
The Business Council of New York State has confirmed a significant data breach affecting more than 47,000 individuals, with attackers stealing a wide range of sensitive personal, financial, and medical information. The breach occurred in late February but was not discovered until early August, raising concerns about the security of data held by one of the state’s most influential employer associations.
As the largest organization of its kind in New York, the Business Council represents thousands of member organizations, including major corporations, local chambers of commerce, and professional associations. Collectively, these entities employ well over a million people across the state, underscoring the broad potential impact of the incident.
According to an official filing with Maine’s attorney general, unauthorized access to the council’s internal systems took place between February 24 and 25. It wasn’t until August 4 that the intrusion was detected, prompting an immediate investigation with the help of external cybersecurity experts. The probe confirmed that threat actors had successfully exfiltrated files containing highly sensitive data.
In notification letters sent to affected individuals, the organization emphasized its rapid response. “Upon detecting the unauthorized activity, BCNYS immediately contained the incident and launched a thorough investigation,” the letters stated. The council also noted there is currently no evidence of identity theft or fraudulent activity stemming from the breach, though it continues to monitor the situation closely.
Compromised information includes full names, Social Security numbers, dates of birth, and state ID numbers. Financial details such as bank account and routing numbers, payment card data including PINs and expiration dates, taxpayer identification numbers, and electronic signatures were also taken. On the health side, exposed records contained medical provider names, diagnoses, prescription details, treatment information, and health insurance data.
The Business Council is offering free credit monitoring services to anyone whose Social Security number was exposed. It strongly advises all affected individuals to vigilantly monitor financial accounts and credit reports for any signs of suspicious activity. A spokesperson for the organization did not respond immediately to requests for additional comment.
(Source: Bleeping Computer)
