Data breach at CNY Works career center may have exposed personal information of 56,000 clients

Syracuse, N.Y. — A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs.

Clients potentially impacted by the breach began receiving letters from the agency this week warning that files targeted by a suspected ransomware attack on the agency’s servers contained their names and Social Security numbers.

The agency said it has found no evidence or indication that those behind the attack “viewed, accessed or removed” any of the data, which dates back years.

“We are sending notification letters to approximately 56,000 individuals,” Lenore Sealy, the agency’s executive director, said in an email to and The Post-Standard. “However, we are notifying individuals out of an abundance of caution. CNY Works has no evidence that any of the personal information for these individuals has been misused, or even that any of the personal information in its possession was accessed or stolen as a result of this incident.”

The agency said it became aware of a “potential ransomware incident” on Dec. 21, 2019, “when we learned that malware had infected our systems and encrypted files on several servers.”

“Upon learning of the issue, we commenced an immediate and thorough investigation,” the agency said. “As part of our investigation, we engaged external cybersecurity professionals experienced in handling these types of incidents. We were able to restore files from redundant systems that saved some files as a back-up to our primary servers.”

In ransomware attacks, computer files are encrypted, often when an email attachment with a malicious code is opened. The encryption blocks the owner of the files from accessing them. The culprits then demand money to provide a key to unlock the files.

CNY Works said it believes the cyberintruders’ motivation was to lock down the agency’s files “for purposes of potential financial gain from us, and not to access personal data contained in those files.” However, the agency has received no ransom demand for release of the encrypted files, it said.

Sealy said the agency did not send out the warning letters until now because its investigation did not discover until May 27 that some personal data were present in the encrypted files.

“Upon learning of the issue, we commenced an immediate and thorough investigation, which included a thorough review of encrypted files that may had been impacted by the cyberintruders,” she said. “The investigation was extensive and took time to complete to determine who and what information was affected.”

CNY Works is offering all potentially affected clients a one-year membership in Experian IndentityWorks Credit 3B, a service that helps prevent identity theft by detecting possible misuse of personal information.

According to the Social Security Administration, criminals can use someone’s Social Security number to get other personal information about the person and then use that information to apply for credit cards in the person’s name. Then, they use the credit cards and don’t pay the bills, damaging the person’s credit. Often, the victims only find out that someone is using their Social Security number when they begin getting calls from unknown creditors demanding payment for items they never bought.

CNY Works maintains a list of current job openings at hundreds of local employers. Its career center on James Street also provides one-on-one assistance in job searching, use of a resource room with computer access, and offers workshops on resume writing, interviewing skills, social networking and computer skills.

The center also assists people in applying for unemployment benefits. Using the center’s services counts as a work search activity, which helps people maintain their eligibility for those benefits.

Its career center has been closed since March 17 because of the coronavirus pandemic.

Rick Moriarty covers business news and consumer issues. Got a tip, comment or story idea? Contact him anytime: Email | Twitter | Facebook | 315-470-3148

Source link

Recent articles

Ohio Governor Says His Flawed Virus Test Shouldn’t Undercut New, Rapid Methods

Gov. Mike DeWine of Ohio, who last week tested positive for the coronavirus, then negative and then negative again, said on CNN on...

Egypt extends detention of Al Jazeera journalist Mahmoud Hussein | News

Egyptian authorities have extended the detention of Al Jazeera journalist Mahmoud Hussein by another 45 days. The extension on Sunday came more than 1,300...

Created with Blender 2.8: ‘Take on me’ cover: Arrangement for Flute orchestras

PiDi writes: 'Take on me' cover: Arrangement for Flute orchestras (Cover) Similar to the original video, it looks like a comic book. All image effects were...

Looks Like AT&T Cancelled Plans for WB Interactive Sale

Following months of reports about its sale, Warner Bros. Interactive Entertainment seems to be resting safely with AT&T for now, if comments by...

Leave a reply

Please enter your comment!
Please enter your name here