The Javits Center experienced a data breach in 2020, where unauthorized actors gained access to employee email accounts between April 26, 2020, and September 10, 2020, with the incident reported on December 21, 2020. The breach exposed sensitive personal information of approximately 15,000 individuals, including names, dates of birth, Social Security numbers, and driver’s license numbers. The compromised data belonged to employees, raising concerns over identity theft and financial fraud. In response, the organization offered affected individuals two years of free identity theft protection services through Experian, covering identity monitoring and restoration. The prolonged exposure period (over 4.5 months) before detection heightened the risk of misuse of the stolen data. The breach underscored vulnerabilities in email security protocols and the potential for long-term reputational and financial harm to both the company and the impacted individuals.
TPRM report: https://www.rankiteo.com/company/jacob-k-javits-convention-center-of-new-york
"id": "jac013090625",
"linkid": "jacob-k-javits-convention-center-of-new-york",
"type": "Breach",
"date": "4/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 15000,
'industry': 'Hospitality / Events',
'location': 'New York City, New York, USA',
'name': 'New York City Convention Center Operating '
'Corporation (Javits Center)',
'type': 'Government Entity / Convention Center '
'Operator'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'customer_advisories': 'Identity theft protection services (Experian) offered '
'to affected individuals',
'data_breach': {'data_exfiltration': 'Likely (data was accessed)',
'number_of_records_exposed': 15000,
'personally_identifiable_information': ['Names',
'Dates of Birth',
'Social Security '
'Numbers',
"Driver's License "
'Numbers'],
'sensitivity_of_data': "High (includes SSNs and driver's "
'license numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Sensitive Personal Data']},
'date_detected': '2020-09-10',
'date_publicly_disclosed': '2020-12-21',
'description': 'The New York City Convention Center Operating Corporation '
'd/b/a Javits Center reported a data breach involving '
'unauthorized access to employee email accounts. Approximately '
'15,000 individuals were affected, with personal information '
'such as names, dates of birth, Social Security numbers, and '
"driver's license numbers potentially accessed. Identity theft "
'protection services, including a two-year membership with '
'Experian, were offered to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive personal data',
'data_compromised': ['Names',
'Dates of Birth',
'Social Security Numbers',
"Driver's License Numbers"],
'identity_theft_risk': "High (due to exposure of SSNs and driver's "
'license numbers)',
'systems_affected': ['Employee Email Accounts']},
'initial_access_broker': {'entry_point': 'Employee Email Accounts',
'reconnaissance_period': 'Potentially between '
'2020-04-26 (initial '
'access) and 2020-09-10 '
'(discovery)'},
'investigation_status': 'Disclosed (2020-12-21)',
'references': [{'source': 'Javits Center Data Breach Notification'}],
'response': {'communication_strategy': 'Public disclosure and notification to '
'affected individuals',
'incident_response_plan_activated': 'Likely (given the '
'structured disclosure and '
'remediation)',
'remediation_measures': ['Offered identity theft protection '
'services (Experian)']},
'title': 'Javits Center Data Breach (2020)',
'type': 'Data Breach'}