Cyber Incident Victim: Administrative Fund of the Detectives’ Endowment Association, Inc.

On December 16, 2021, the Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (NYCDEA) detected suspicious activity within its email system. The organization immediately took steps to secure its email environment and engaged external experts to investigate the incident. The investigation continued for over nine months, culminating in a confirmation on October 3, 2022, that an unauthorized party had gained access to the email system. The intruders accessed files containing sensitive member information during this breach. NYCDEA subsequently conducted a review of the compromised files to identify the specific data types exposed and determine which individuals were affected. The breach impacted approximately 21,544 active and retired members of the New York City Police Department represented by the union.

The compromised information included names and addresses, dates of birth, driver’s license or state identification card numbers, financial account numbers, usernames and passwords, payment card information, medical history, and health insurance information. On October 31, 2022, NYCDEA formally reported the breach to the Attorney General of Maine and began notifying all affected individuals via data breach letters. These letters outlined the nature of the incident and provided guidance on mitigating identity theft and fraud risks stemming from the exposure. NYCDEA, which represents over 20,000 detectives and generates approximately $11 million in annual revenue, confirmed the breach originated from unauthorized email system access but did not disclose additional technical details about the attack vector or duration of access. The incident exposed highly sensitive personal and financial data, creating significant risks for victims given the breadth of compromised identifiers and health-related information.