Rome, NY, Addresses Data Breach Exposing Contractor Personal Information
During a recent Rome Common Council meeting, city officials confirmed a data breach involving sensitive personal information for 36 employees of Central Paving, a city contractor. The exposure was discovered on February 11 when resident Blair Genther found payroll documents containing the data in the council’s agenda packet.
City Corporation Counsel Gerard Feeney acknowledged Genther’s alert, stating the documents were removed from the city’s website within two hours of notification. The contractor was informed, and the city is working with Central Paving to notify affected employees. Officials have also consulted the New York State Attorney General’s Office and the Department of Labor for guidance on next steps, including a formal request to Google to scrub remaining traces of the documents from the internet.
While Feeney did not disclose whether the city carries insurance for data breaches, he emphasized the city’s swift response. The incident highlights ongoing concerns about municipal data security and transparency in handling contractor information.
In the same meeting, the council approved several resolutions, including $1 million for the Kessinger Dam repair project, a $3 million state grant application for Black River Boulevard improvements, and the sale of multiple city-owned properties. Residents also raised concerns about snow removal delays impacting downtown businesses and recent pedestrian safety issues on city streets.
City of Rome, New York cybersecurity rating report: https://www.rankiteo.com/company/city-of-rome-new-york
"id": "CIT1772127515",
"linkid": "city-of-rome-new-york",
"type": "Breach",
"date": "2/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '36 employees',
'industry': 'Construction/Paving',
'location': 'Rome, NY',
'name': 'Central Paving',
'type': 'Contractor'},
{'industry': 'Government',
'location': 'Rome, NY',
'name': 'City of Rome, NY',
'type': 'Municipality'}],
'customer_advisories': 'Affected employees notified',
'data_breach': {'file_types_exposed': 'Documents (unspecified format)',
'number_of_records_exposed': '36',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payroll documents, personally '
'identifiable information'},
'date_detected': '2024-02-11',
'date_publicly_disclosed': '2024-02-11',
'description': 'A data breach involving sensitive personal information for 36 '
'employees of Central Paving, a city contractor, was '
'discovered when payroll documents containing the data were '
'found in the Rome Common Council’s agenda packet. The '
'documents were removed from the city’s website within two '
'hours of notification, and affected employees were notified. '
'The city is working with authorities and has requested Google '
'to scrub remaining traces of the documents from the internet.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to the '
'city and contractor',
'data_compromised': 'Personal information of 36 employees',
'identity_theft_risk': 'High',
'legal_liabilities': 'Possible legal actions or fines'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Need for improved municipal data security and '
'transparency in handling contractor information',
'post_incident_analysis': {'corrective_actions': 'Removal of documents, '
'consultation with '
'authorities, and request to '
'Google for scrubbing',
'root_causes': 'Improper handling and public '
'exposure of sensitive documents'},
'recommendations': 'Implement stricter controls for handling sensitive '
'documents, enhance training for city staff on data '
'protection, and consider cyber insurance for data '
'breaches',
'references': [{'source': 'Rome Common Council Meeting'}],
'regulatory_compliance': {'regulatory_notifications': 'New York State '
'Attorney General’s '
'Office, Department of '
'Labor'},
'response': {'communication_strategy': 'Notification to affected employees '
'and consultation with authorities',
'containment_measures': 'Documents removed from the city’s '
'website within two hours',
'on_demand_scrubbing_services': 'Requested from Google',
'remediation_measures': 'Request to Google to scrub remaining '
'traces of the documents from the '
'internet',
'third_party_assistance': 'New York State Attorney General’s '
'Office, Department of Labor'},
'title': 'Rome, NY, Data Breach Exposing Contractor Personal Information',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper handling of sensitive documents'}