Cyber Incident Victim: Brooklyn Defender Services

Brooklyn Defender Services, a public defender organization handling criminal, immigration, and family cases, publicly disclosed a data security incident on December 10, 2020. The organization confirmed that an unauthorized individual had gained access to certain employee email accounts. While the exact timeline of initial intrusion or detection of abnormal activity was not disclosed, BDS specified that on September 13, 2020, it determined compromised emails or attachments potentially contained sensitive personal information. This included names, addresses, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, health information, and biometric data such as fingerprints belonging to both employees and clients. The breach impacted current and former employees, their dependents and beneficiaries, as well as clients represented by the organization. BDS acknowledged it lacked current contact details for all affected individuals but initiated notification procedures while advising vigilance against unauthorized financial or medical activity.

In response to the incident, Brooklyn Defender Services implemented additional authentication measures for remote email access and enhanced its data security protocols. The organization also conducted staff re-education to improve awareness of similar threats. Affected individuals were offered complimentary access to Kroll’s Credit Monitoring, Fraud Consultation, and Identity Theft Restoration services. BDS established a dedicated call center and published a website (http://bds.org) to provide further information, urging those concerned about potential data exposure to proactively contact these resources. The organization expressed regret for the incident but did not disclose technical details regarding the attacker’s methods, the number of compromised accounts, or the total individuals affected. No ransomware or explicit motive was cited in the public statement.