On June 24, 2023, the New York City Department of Education posted an “Alert Regarding Data Incident” after learning that student and employee information was leaked as a result of a data breach involving MOVEit, a file transfer software used by the Department. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to victims’ names, Social Security numbers and employee identification numbers. After confirming that consumer data was leaked, NYCDOE will begin sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from the New York City Department of Education, it is essential you understand what is at risk and what you can do about it. The NYC Department of Education is one of many large organizations affected by the MOVEit data breach, which has so far affected millions of Americans. Data breaches like this one can put your confidential information in the hands of hackers looking to steal your identity or commit other frauds against you. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the NYC Dept. of Education data breach, please see our recent piece on the topic here.
What We Know So Far About the NYCDOE Breach
News of the NYC Dept. of Education data breach is still fresh; however, what we know at this point comes from the company’s June 24, 2023 post entitled "Alert Regarding Data Incident.” According to this source, the NYC Dept. of Education was recently informed that a file-sharing software called MOVEit contained a vulnerability allowing hackers to access files that were supposed to be kept private. The NYC Department of Education used MOVEit to transfer files internally as well as to third-party special education service providers.
Upon learning of the vulnerability and subsequent breach, the NYC Dept. of Education installed a patch to cure the vulnerability and began working with NYC Cyber Command to ensure its systems were secure. The New York City Department of Education then launched an internal investigation to determine what, if any, confidential information was subject to unauthorized access.
The Department’s investigation is ongoing; however, the Department confirmed that “approximately 45,000 students, in addition to DOE staff and related service providers” were affected by the incident. Evidently, approximately 19,000 documents were accessed without authorization. So far, the NYC Dept. of Education has not provided an estimate of how many employees were affected.
Upon discovering that sensitive consumer data was made available to an unauthorized party, the NYC Dept. of Education began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number and employee identification number. Additionally, third-party news outlets have reported that the breach also leaked the results of some student evaluations.
On June 24, 2023, the NYC Dept. of Education indicated that it will send out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Importantly, the recent breach of NYCDOE member data did not involve NYCDOE’s system being hacked; the incident was limited to data within the MOVEit tool.
More Information About New York City Department of Education
Officially established in 1842, the New York City Department of Education is the government entity responsible for overseeing all schools and educational programs within New York City. NYCDOE administration oversees the education of 1.1 million students who attend more than 1,800 schools in New York City. NYC Dept. of Education employs more than 132,000 people and generates approximately $29 billion in annual revenue.
