- BCNYS suffered a cyber attack in February and discovered it in August
- Personal, payment and medical care sensitive information was stolen
- There is still no evidence of bank abuse
The New York State Business Council (BCNYS), an association that represents companies, cameras and professional organizations throughout New York, has confirmed that it suffered a cyber attack in which it lost confidential information about tens of thousands of people.
The Bcnys Filled A Report with the Office of the Maine Attorney General, in which it confirmed the breach, and detailed the Type of Data That was stolen – in total, 47,329 individuals were Numbers (SSN), Dates of Birth, State Identification Numbers, Financial Institution Names, Financial Account and Routing Number Information, Payment Card Numbers, Pins, Payment Card Expiration dates, taxpayer identification numbers and electronic signature information.
It also included health data such as medical suppliers names, diagnostic information and medical conditions, prescription information, data on treatment and medical procedures and health insurance information.
How to stay safe
The incident apparently occurred at the end of February 2025, but BCNYS did not notice until the beginning of August, when he initiated an investigation and notified the relevant authorities.
Until now, there is no evidence that stolen files are used in identity theft, phishing or other cybercrime, but, of course, this does not mean that it is not happening, or that it does not happen.
Computer pirates can use stolen data to open bank accounts or credit lines, make unauthorized purchases, submit false tax statements and even access medical services or recipes under the name of another person.
Victims must place a fraud alert or freeze credit with the main credit offices, monitor the bank account daily and credit card, and subscribe to obtain identity robbery or credit monitoring, since BCNYS offers it, for free.
They must also change passwords and enable multifactorial authentication in all accounts, notify their potential fraud banks and insurers and request an IRS identity protection pin to block false tax presentations.
For medical data, victims must review the insurance explanation of benefits statements (EOB) and contact suppliers to mark any suspicious medical activity.
Through Bleepingcomputer
