Cyber Incident Victim: New York State
Date:
Apr 2016
Location:
United States of America
Summary
Hackers affiliated with ISIS released personal details of approximately 3,600 residents in New York, including names, addresses, and email addresses, on an encrypted messaging platform while explicitly calling for their deaths. The list contained some government employees but primarily consisted of private citizens, with authorities noting portions appeared outdated. Federal and local law enforcement agencies proactively notified affected individuals but assessed the posting as intimidation rather than an imminent physical threat. This incident mirrored prior tactics by ISIS-aligned actors who previously published sensitive information targeting U.S. military personnel to incite violence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around April 29, 2016, hackers affiliated with the Islamic State (ISIS) disseminated a target list containing the personal details of approximately 3,600 New York residents through the encrypted messaging app Telegram. The list included names, physical addresses, and email addresses of individuals, with some entries identified as employees of the U.S. State Department and Department of Homeland Security, though most were private citizens. The hackers accompanied the data release with a message stating "We want them #Dead," explicitly encouraging ISIS supporters to attack the named individuals. Investigative sources indicated portions of the leaked information appeared outdated, though the full scope of inaccuracies remained unverified. The list was accessible only briefly before being removed from the platform. Federal authorities and the New York City Police Department initiated outreach to affected individuals to notify them of their inclusion in the posting, while simultaneously assessing the credibility of associated threats. Law enforcement officials publicly characterized the incident as an intimidation tactic rather than evidence of an operational plot, citing no indication of imminent danger to those named.
This incident mirrored a 2015 event where ISIS-aligned actors published personal information of 100 U.S. military personnel alongside calls for their assassination. The FBI confirmed its standard protocol of notifying potential targets when threat-related information surfaces during investigations, though it declined to comment on specific operational measures taken in this case. ISIS, which controlled territory in Syria and Iraq at the time, had previously claimed responsibility for coordinated international attacks including the November 2015 Paris assaults that killed 130 people. U.S. authorities noted they had arrested over 70 individuals for ISIS-related support activities between 2013 and 2016, contextualizing the hack within broader counterterrorism efforts. The primary immediate consequence was the disruption caused to listed individuals through law enforcement notifications, though no physical harm or subsequent attacks tied directly to the leaked data were documented in available reports.