/

NYC DOE Data Breach: What & How It Happened?

NYC DOE Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In June, the New York City Department of Education (NYC DOE) experienced a data breach affecting numerous in-service members, former employees, and public school students. The breach involved unauthorized access to DOE documents and the theft of sensitive information. This incident was part of a larger, worldwide hack targeting a security vulnerability in the MOVEit software.

How many accounts were compromised?

The breach impacted data related to approximately 1 million students, 130,000 in-service UFT members, and 36,000 former DOE employees.

What data was leaked?

The data exposed in the breach included identifiable information of parents and students aged 18 and older, employee ID numbers, leave status, Social Security numbers, names, partial address information, dates of birth, OSIS numbers, ethnicity, academic records, and enrollment status.

How was NYC DOE hacked?

The data breach occurred as part of a worldwide hack targeting a security vulnerability in the MOVEit software, which is widely used for secure data transfers. The breach exposed sensitive information of numerous in-service members, former employees, and public school students. Specific details on the hackers' methods remain unclear.

NYC DOE's solution

In response to the hack, the NYC DOE took action by notifying affected individuals and offering two years of free identity theft and credit monitoring services through IDX. While specific enhanced security measures taken by the NYC DOE remain unclear, these steps aim to mitigate the potential consequences of the data breach and protect the personal information of students and employees.

How do I know if I was affected?

The NYC DOE has notified individuals believed to be affected by the breach. If you are a parent, student, or employee connected to the NYC DOE and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.

For more specific help and instructions related to the NYC DOE's data breach, please contact NYC DOE's support directly.

Where can I go to learn more?

If you want to find more information on the NYC DOE data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

NYC DOE Data Breach: What & How It Happened?

NYC DOE Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In June, the New York City Department of Education (NYC DOE) experienced a data breach affecting numerous in-service members, former employees, and public school students. The breach involved unauthorized access to DOE documents and the theft of sensitive information. This incident was part of a larger, worldwide hack targeting a security vulnerability in the MOVEit software.

How many accounts were compromised?

The breach impacted data related to approximately 1 million students, 130,000 in-service UFT members, and 36,000 former DOE employees.

What data was leaked?

The data exposed in the breach included identifiable information of parents and students aged 18 and older, employee ID numbers, leave status, Social Security numbers, names, partial address information, dates of birth, OSIS numbers, ethnicity, academic records, and enrollment status.

How was NYC DOE hacked?

The data breach occurred as part of a worldwide hack targeting a security vulnerability in the MOVEit software, which is widely used for secure data transfers. The breach exposed sensitive information of numerous in-service members, former employees, and public school students. Specific details on the hackers' methods remain unclear.

NYC DOE's solution

In response to the hack, the NYC DOE took action by notifying affected individuals and offering two years of free identity theft and credit monitoring services through IDX. While specific enhanced security measures taken by the NYC DOE remain unclear, these steps aim to mitigate the potential consequences of the data breach and protect the personal information of students and employees.

How do I know if I was affected?

The NYC DOE has notified individuals believed to be affected by the breach. If you are a parent, student, or employee connected to the NYC DOE and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.

For more specific help and instructions related to the NYC DOE's data breach, please contact NYC DOE's support directly.

Where can I go to learn more?

If you want to find more information on the NYC DOE data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

NYC DOE Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In June, the New York City Department of Education (NYC DOE) experienced a data breach affecting numerous in-service members, former employees, and public school students. The breach involved unauthorized access to DOE documents and the theft of sensitive information. This incident was part of a larger, worldwide hack targeting a security vulnerability in the MOVEit software.

How many accounts were compromised?

The breach impacted data related to approximately 1 million students, 130,000 in-service UFT members, and 36,000 former DOE employees.

What data was leaked?

The data exposed in the breach included identifiable information of parents and students aged 18 and older, employee ID numbers, leave status, Social Security numbers, names, partial address information, dates of birth, OSIS numbers, ethnicity, academic records, and enrollment status.

How was NYC DOE hacked?

The data breach occurred as part of a worldwide hack targeting a security vulnerability in the MOVEit software, which is widely used for secure data transfers. The breach exposed sensitive information of numerous in-service members, former employees, and public school students. Specific details on the hackers' methods remain unclear.

NYC DOE's solution

In response to the hack, the NYC DOE took action by notifying affected individuals and offering two years of free identity theft and credit monitoring services through IDX. While specific enhanced security measures taken by the NYC DOE remain unclear, these steps aim to mitigate the potential consequences of the data breach and protect the personal information of students and employees.

How do I know if I was affected?

The NYC DOE has notified individuals believed to be affected by the breach. If you are a parent, student, or employee connected to the NYC DOE and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or support teams.

For more specific help and instructions related to the NYC DOE's data breach, please contact NYC DOE's support directly.

Where can I go to learn more?

If you want to find more information on the NYC DOE data breach, check out the following news articles: