The city’s Department of Finance has inadvertently triggered a major data breach by mistakenly sending a comprehensive list of its employees’ personal information, such as home addresses, cell numbers, and email addresses, to nearly 1,800 workers during a failed test of its emergency notification system. The incident was compounded by automated phone calls made in the early hours, deviating from the intended schedule.
Concerns have arisen among employees about the widespread exposure of their sensitive data, particularly their home addresses, leading to apprehension about potential misuse. Associate Commissioner for Workforce Management Corinne Dickey promptly notified the city’s Office of Technology & Innovation and its Cyber Command of the breach, initiating an investigation.
The cause of the breach is under scrutiny, and while Dickey refrained from pinpointing the source of failure, she acknowledged that an error had occurred in the timing of the call and in the issuance of an email containing the employee data. The notification system’s vendor, Everbridge, a Massachusetts-based critical incident management firm, was identified as the party responsible for rectifying the situation.
However, Department of Finance spokesperson Ryan Lavis only addressed the issue of pre-dawn automated phone calls, leaving unanswered questions regarding the potential exposure of employee information beyond the agency.
This breach is part of a concerning pattern, following recent data breaches at the Department of Education. It highlights the vulnerability of personal data in various city agencies, with a growing need for enhanced cybersecurity measures to safeguard sensitive information. The incident underscores the importance of thorough investigation, accountability, and strengthened data protection mechanisms to prevent future breaches and maintain the confidentiality of employee data.
