Cyber Incident Victim: New York State
Date: Jan 2020
Location: United States of America
Summary
A breach of state government computer networks was discovered in late January 2020, involving unauthorized access to multiple servers and encrypted networking appliances used by various state agencies. The intrusion, believed to originate from outside the United States, involved the establishment of encrypted communication tunnels and the installation of a previously unknown backdoor. While no evidence indicated theft or compromise of resident or employee personal data, more than 25 servers were compromised, affecting entities including the State Police and the Departments of Civil Service and Environmental Conservation. Following the discovery, the state engaged a third-party security firm and collaborated with federal investigators, implementing additional security measures and resetting thousands of employee passwords across agencies.
Description
On January 28, 2020, New York's Office of Information Technology Services (ITS) detected an intrusion into state government computer networks. The attackers had established encrypted communication tunnels across multiple servers, enabling covert data transmission. The breach remained undisclosed to the public until April 2020, when state officials confirmed the incident following inquiries from The Wall Street Journal. Senior adviser Richard Azzopardi stated investigators found no evidence that personal information of residents or state employees was exfiltrated or compromised. Initial internal investigations by ITS revealed a previously unknown backdoor several weeks after detection, prompting the engagement of third-party cybersecurity firm CrowdStrike in mid-February to assess the full scope. New York authorities collaborated with the FBI to identify the perpetrators, with sources attributing the attack to foreign actors based on investigative findings.

CrowdStrike's forensic analysis identified more than 25 compromised servers and encrypted networking appliances across multiple state agencies. Affected entities included the New York State Police and the Departments of Civil Service and Environmental Conservation, indicating broad network penetration. In response, ITS implemented enhanced security measures across government systems and mandated password resets for thousands of state agency employees to contain potential credential-based threats. The incident underscored systemic vulnerabilities in New York's infrastructure, though officials maintained operational continuity throughout the remediation. No ransomware deployment or public data exposure was confirmed during the investigation. The state's containment strategy focused on eliminating attacker persistence mechanisms while preserving evidence for the ongoing federal investigation into the breach's origins and perpetrators.
