Cyber Incident Victim: CNY Works
Date:
Dec 2019
Location:
United States of America
Summary
A ransomware attack encrypted files on servers belonging to a New York employment nonprofit, potentially exposing names and Social Security numbers of approximately 56,000 clients. The organization engaged cybersecurity professionals to investigate, restored data from backups, and found no evidence that attackers accessed or stole personal information. Notification letters were delayed until completion of the investigation, which identified affected individuals months after the initial discovery. While the attackers' motive appeared financially driven through file encryption, no ransom demand was received. The nonprofit offered impacted clients complimentary credit monitoring services as a precaution against potential identity theft despite no confirmed misuse of data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 21, 2019, CNY Works discovered a potential ransomware incident affecting its systems when malware infected servers and encrypted files. The nonprofit employment agency immediately initiated an investigation involving external cybersecurity professionals to assess the breach. Forensic analysis confirmed the attackers deployed ransomware, likely introduced through a malicious email attachment, which encrypted files across multiple servers to block legitimate access. CNY Works restored affected files using redundant backup systems, circumventing the need to engage with the attackers, who never issued a ransom demand. The agency concluded the intrusion aimed to extort payment rather than steal data, citing no evidence that threat actors viewed, accessed, or exfiltrated information.
The investigation, completed on May 27, 2020, revealed that encrypted files contained names and Social Security numbers belonging to approximately 56,000 clients who had utilized career services, unemployment assistance, or job search programs. Although no misuse of personal information was detected, CNY Works notified all potentially affected individuals via mailed letters in July 2020—seven months post-incident—as a precautionary measure. The delayed notification resulted from the time-intensive process of identifying compromised data within encrypted systems. Impacted individuals received one-year subscriptions to Experian IdentityWorks Credit 3B for credit monitoring and identity theft protection. The breach occurred prior to the agency’s March 17, 2020, pandemic-related closure of its James Street career center, which normally provided computer access, resume workshops, and unemployment application support. Client data exposure risk included potential identity theft scenarios such as fraudulent credit applications using stolen Social Security numbers.