Cyber Incident Victim: Police Department of New York
Date:
Dec 2021
Location:
United States of America
Summary
The Administrative Fund of the Detectives’ Endowment Association, Inc., representing New York City Police Department detectives, experienced a data breach when an unauthorized party accessed its email system, compromising sensitive member information including names, addresses, dates of birth, driver’s license numbers, financial and payment card details, medical history, health insurance data, and login credentials. The breach impacted approximately 21,544 active and retired members. Following the detection of suspicious email activity, the organization secured its systems, initiated an investigation confirming the unauthorized access, and subsequently notified affected individuals about the exposure of their personal data, which heightens risks of identity theft and fraud.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 16, 2021, the Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (NYCDEA) detected suspicious activity within its email system. The organization immediately secured its email environment and initiated an investigation with assistance from external cybersecurity experts. The investigation confirmed on October 3, 2022, that an unauthorized party had gained access to the email system and obtained files containing sensitive member information. The compromised data included names and addresses, dates of birth, driver’s license or state identification card numbers, financial account numbers, username and password credentials, payment card information, medical history, and health insurance details. NYCDEA subsequently reviewed the affected files to identify impacted individuals and determine the specific data elements exposed in each case. The breach affected 21,544 active and retired members of the New York City Police Department represented by the union.
NYCDEA formally reported the incident to the Maine Attorney General’s office on October 31, 2022, and notified all affected individuals via mailed data breach letters the same day. The notification letters outlined the nature of the compromised information and advised victims about potential risks of identity theft and fraud stemming from the exposure of sensitive personal and financial data. As a labor union representing over 20,000 detectives, NYCDEA maintains significant volumes of member information across its systems. The organization employs more than 25 staff members and generates approximately $11 million in annual revenue. No evidence suggested the breach extended beyond the email system environment. The incident exposed multiple categories of high-sensitivity data that could facilitate financial fraud, medical identity theft, or credential-stuffing attacks against victims. NYCDEA did not disclose whether law enforcement agencies were engaged to investigate the unauthorized access or if additional security measures were implemented beyond securing the email system.