The Business Council of New York State (BCNYS) disclosed a data breach that affected the personal, financial and health information of more than 47,000 individuals, according to a filing with the Maine Attorney General.
The breach occurred on February 24–25 and was detected nearly six months later, on August 4, after which BCNYS said it immediately contained the incident and engaged outside cybersecurity experts to assess the scope and impact of the intrusion.
BCNYS, which represents more than 3,000 member organizations and employs more than 1.2 million New Yorkers, said the attackers accessed and stole files containing various categories of sensitive data. The information potentially exposed includes full names, Social Security numbers, dates of birth, state identification numbers, financial institution names, bank account and routing numbers, payment card numbers, card expiration dates, card PINs, taxpayer identification numbers and electronic signatures.
Health data exposed in the breach includes medical provider names, diagnoses or conditions, prescriptions, treatment or procedure information, and health insurance details.
In its breach notice, BCNYS said it will provide free credit monitoring memberships to individuals whose Social Security numbers were exposed and urged affected people to monitor their account statements and free credit reports for any suspicious activity.