The Business Council of New York State, a prominent business advocacy organization, suffered a cyberattack in February, exposing sensitive data of **47,329 individuals**. The breach compromised a wide range of personal and financial information, including **names, Social Security numbers, state ID numbers, financial account/routing numbers, payment card details (numbers, PINs, expiration dates), taxpayer IDs, and electronic signatures**. Additionally, **medical data**—such as diagnoses, prescriptions, treatments, procedures, and health insurance details—was also leaked for some victims. The organization, which represents over **3,000 member companies** (including major firms like IBM and Kodak) and employs over **1.2 million people** statewide, confirmed the incident after completing an investigation on **August 4**. The breach exploited the group’s insurance program, which many members utilize, amplifying the scale of exposure. The attack poses severe risks of **identity theft, financial fraud, and medical privacy violations**, with long-term reputational and operational consequences for the Council and its affiliated businesses.
Source: https://therecord.media/new-york-business-council-data-breach
TPRM report: https://www.rankiteo.com/company/the-business-council-of-new-york-state-inc.
"id": "the515082025",
"linkid": "the-business-council-of-new-york-state-inc.",
"type": "Cyber Attack",
"date": "2/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '47,329 individuals',
'industry': ['business lobbying',
'economic development',
'group insurance'],
'location': 'New York State, USA',
'name': 'Business Council of New York State (BCNYS)',
'size': 'Represents 3,000+ member organizations '
'employing 1.2+ million people',
'type': 'Non-profit business advocacy organization'},
{'industry': 'Varied (members span multiple sectors)',
'location': 'Primarily New York State, USA',
'name': 'Member organizations (including IBM, Kodak, '
'and small businesses)',
'type': ['corporations', 'small businesses']}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '47,329',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'state ID numbers',
'financial account '
'numbers',
'taxpayer '
'identification '
'numbers',
'electronic '
'signatures'],
'sensitivity_of_data': 'High (includes SSNs, financial '
'details, and medical records)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial information',
'protected health information '
'(PHI)',
'taxpayer identification data',
'electronic signatures']},
'date_detected': '2024-02-01',
'date_resolved': '2024-08-04',
'description': 'A cyberattack on the Business Council of New York State '
'(BCNYS) in February 2024 resulted in unauthorized access to '
'sensitive personal and medical information of 47,329 '
'individuals. The compromised data included names, Social '
'Security numbers, state ID numbers, financial account '
'details, payment card information (including PINs and '
'expiration dates), taxpayer identification numbers, '
'electronic signatures, and medical records (diagnoses, '
'prescriptions, treatments, procedures, and health insurance '
'details). The organization, which represents over 3,000 '
'businesses employing 1.2+ million people, completed its '
'investigation on August 4, 2024. BCNYS offers lobbying '
'services and group insurance programs to its members, '
'including major companies like IBM and Kodak.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive personal and '
'medical data of 47,329 individuals, '
'including members of major '
'corporations.',
'data_compromised': ['names',
'Social Security numbers',
'state ID numbers',
'financial account numbers',
'routing numbers',
'payment card numbers',
'PINs',
'expiration dates',
'taxpayer identification numbers',
'electronic signature information',
'medical data (diagnoses, prescriptions, '
'treatments, procedures)',
'health insurance information'],
'identity_theft_risk': 'High (due to exposure of SSNs, financial '
'details, and medical records)',
'payment_information_risk': 'High (payment card numbers, PINs, and '
'expiration dates compromised)'},
'investigation_status': 'Completed (as of August 4, 2024)',
'references': [{'source': 'Original incident report (hypothetical, as no '
'direct URL provided)'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (reported to '
'regulators in multiple '
'states)'},
'response': {'incident_response_plan_activated': 'Yes (investigation '
'completed by August 4, '
'2024)'},
'title': 'Cyberattack on the Business Council of New York State Exposes '
'Sensitive Data of 47,000+ Individuals',
'type': ['data breach', 'cyberattack']}