On August 15, 2021, the Onondaga County Chapter of NYSARC, Inc. suffered a data breach due to unauthorized network access (hacking), compromising the sensitive personal information of 8,566 individuals, including two Maine residents. The exposed data included Social Security numbers, a high-value target for identity theft and fraud. The breach was severe enough to warrant formal written notifications to all affected parties on November 30, 2021, alongside an offer of 12 months of identity protection services via Equifax as a remedial measure. The incident highlights a significant failure in cybersecurity defenses, allowing attackers to infiltrate systems and exfiltrate highly sensitive data. Social Security numbers, in particular, pose long-term risks, as they can be exploited for financial fraud, loan applications, or even medical identity theft. The delayed disclosure (over three months) may have further exacerbated risks for victims, leaving them vulnerable during the interim. While the organization took steps to mitigate harm post-breach, the exposure of such critical data underscores systemic vulnerabilities that could erode trust among clients, donors, and regulatory bodies. The breach’s scale and nature suggest potential legal and reputational repercussions, particularly given the organization’s role in supporting individuals with developmental disabilities, who may be more susceptible to exploitation.
TPRM report: https://www.rankiteo.com/company/mozaicny
"id": "moz256082125",
"linkid": "mozaicny",
"type": "Breach",
"date": "8/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 8566,
                        'industry': 'Healthcare / Social Services',
                        'location': 'Onondaga County, New York, USA',
                        'name': 'Onondaga County Chapter, NYSARC, Inc.',
                        'type': 'Non-Profit Organization'}],
 'attack_vector': 'Unauthorized Access (Hacking)',
 'customer_advisories': 'Written notification and 12 months of identity '
                        'protection services (Equifax) offered to affected '
                        'individuals',
 'data_breach': {'number_of_records_exposed': 8566,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers']},
 'date_detected': '2021-08-15',
 'description': 'The Maine Office of the Attorney General reported that the '
                'Onondaga County Chapter, NYSARC, Inc. experienced a data '
                'breach on August 15, 2021, involving unauthorized access '
                '(hacking) to their network. A total of 8,566 individuals were '
                'affected, including 2 Maine residents, and sensitive '
                'information such as Social Security numbers was compromised. '
                'The organization provided written notification to affected '
                'individuals on November 30, 2021, and offered 12 months of '
                'identity protection services through Equifax.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'High (Social Security numbers exposed)'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Written notification to affected '
                                        'individuals (November 30, 2021)',
              'third_party_assistance': ['Equifax (identity protection '
                                         'services)']},
 'title': 'Onondaga County Chapter, NYSARC, Inc. Data Breach',
 'type': 'Data Breach'}