The Business Council of New York State (BCNYS), an influential body representing businesses and professional groups, has confirmed that a recent cyberattack compromised the personal information of more than 47,000 people.
In a report submitted to the Office of the Maine Attorney General, the Council disclosed that attackers accessed a wide range of sensitive data. The files included basic identifiers such as names and dates of birth, along with highly confidential records like Social Security numbers, state-issued IDs, and taxpayer identification numbers. Financial data was also exposed, including bank account details, payment card numbers, PINs, expiration dates, and even electronic signatures.
What makes this breach particularly concerning is the theft of medical records. The stolen information included healthcare providers’ names, diagnostic details, treatment histories, prescription data, and insurance documents, material that is often harder to replace or protect than financial information.
Investigators believe the attack took place in late February 2025, but the Council only uncovered it months later in August. The delay meant that for several months, criminals could have had access to the stolen records without detection. So far, officials have not confirmed any cases of identity theft linked to this incident. However, security experts note that breaches of this scale often have long-term consequences, as stolen data may circulate for years before being used.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents