New York Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
New York.jpg
 

Public Safety

Albany, Saratoga, and Rensselaer County 911 Systems

Breach Type – Unknown, Ransomware

CBS6

  • The County Sheriff confirmed publicly that there was a breach into the county 911 system
  • The breach did not affect phone systems but did affect the computer systems
  • Systems were never rendered offline despite attacks and no sensitive information was exposed
Read More

 
City of Albany, Albany County

Breach Type - Unknown, Ransomware

Times Union

  • The city had fallen victim to a ransomware attack and it was announced publicly
  • The full extent of the attack was not immediately revealed
  • It is still being examined and information will be released to the public as it is found
Read More
Times Union

  • The Albany Police Officers Union was affected by this attack
  • Many city services were taken down due to the attack, the Police Union could not access internet-dependent systems
  • Limited access affected the patrols and their operations, the department was still manned properly
Read More
Security Info Watch

  • The ransomware attack that plagued the city's servers has now affected criminal cases as all 2018 internal affairs file have been lost
  • In a public statement the District Attorney wrote that the files were only discovered to be lost more than 18 months after the attack
  • Almost $300,000 was paid out to help recover from the attack and restore servers
Read More

 
Massena Hospital, St. Lawrence County

Breach Type – Unknown, Ransomware

NNY360

  • Saint Louis health systems had to divert ambulances and move to offline documentation methods at three hospitals
  • Cyberattack managed to disable some of the hospitals computer systems early Tuesday morning
  • Hospital authorities have notified, and have been working with, the FBI and the US Department of Homeland security to exchange information on the virus
Read More

 
Gouverneur Hospital, St. Lawrence County

Breach Type – Unknown, Ransomware

NNY360

  • Saint Louis health systems had to divert ambulances and move to offline documentation methods at three hospitals
  • Cyberattack managed to disable some of the hospitals computer systems early Tuesday morning
  • Hospital authorities have notified, and have been working with, the FBI and the US Department of Homeland security to exchange information on the virus
Read More

 
Canton-Potsdam Hospital, Saint Lawrence County

Breach Type – Unknown, Ransomware

NNY360

  • Saint Louis health systems had to divert ambulances and move to offline documentation methods at three hospitals
  • Cyberattack managed to disable some of the hospitals computer systems early Tuesday morning
  • Hospital authorities have notified, and have been working with, the FBI and the US Department of Homeland security to exchange information on the virus
Read More

 
New York State Servers, State of New York

Breach Type – Hacking, Other

My San Antonio

  • Statewide cyberattack caused nearly month-long setback
  • Officials believed attack originated outside the country
  • IT personnel discovered several hacked servers
Read More

 
Town of Colonie & Colonie Police Department, Albany County

Breach Type – Unknown, Ransomware

WNYT

  • Colonie, New York among latest victims of ransomware cyberattack
  • At least three other attacks occurred in the same area within the last year
  • Officials reported no outages for emergency services
Read More

 
NYPD Database, New York County

Breach Type – Hacking, Ransomware

NY Post

  • Contractor used compromised device, caused NYPD fingerprint database to go down
  • Over 20 fingerprint devices were taken down by infected computer
  • Contractor was questioned but not charged, officials stated less than 1% of NYPD's computers affected
Read More

 
Schenectady County Government, Office of Sheriff, & Correctional Facility, Schenectady County

Breach Type - Malware

News 10

  • Schenectady County officials detected a virus in the computer network
  • County website and email system temporarily shut down
  • No evidence of data breach due to virus
  • 911 Central Dispatch Center unaffected
Read More
Times Union

  • Network systems hacked and rendered offline
  • Jail & Courthouse affected
  • Malware quickly detected
  • As a result, emails and website systems shut down
Read More
Gov Tech

  • Sheriff's office computer systems compromised by malware
  • Hackers suspected to be part of crime syndicate
  • Malware moved laterally across systems targeting data
Read More

 
Schuyler County Sheriff’s Department

Breach Type - Hack

Lockport Journal

  • Direct attack from foreign country on Schuyler County
  • Hackers attempted multiple passwords to get online
Read More
WENY News

  • No data was compromised/breached
  • Schuyler county was up to date with anti-virus & anti-malware
  • This specific attack was more advanced than the security they had set up
Read More

 
BACK TO TOP

Local Government

Town of Rotterman, Schenectady County

Breach Type – Phishing, Data Breach

News 10

  • Police reports state the town experienced a data breach on Jan 29th at 2:30pm
  • Some people have been getting emails from the bad actors asking for Drivers License Numbers and Social Security Numbers
  • The Town doesn't ask for information in this manner and warns any recipients of these emails to report them to police
Read More

 
Long Beach Computer Network, Nassau County

Breach Type – Unknown, Malware

Patch

  • The City of Long Beach was recent victim of cyber attack forcing the city to shut down computer networks
  • It was shut down in hope to prevent further damage of city data and prevent spread
  • There is no indication the data was breached or used in malicious manner as investigations continue
Read More

 
Town of Canandaigua, Ontario County

Breach Type – Phishing, Ransomware

Democrat & Chronicle

  • Bad actors utilized ransomware in cyberattack against town government
  • Officials believed phishing was the likely entry method
  • Town had recently been issued grant from state Homeland Security agency to analyze the risk of cyberattack
Read More

 
Village of Boonville Employee Email Accounts, Oneida County

Breach Type – Phishing, Other

Rome Sentinel

  • Village email accounts hacked following phishing cyberattack
  • Officials remained uncertain about identity of bad actors
  • Residents complained of government emails requesting iTunes gift cards
Read More

 
Chenango County Systems, Chenango County

Breach Type – Unknown, Ransomware

WBNG

  • Most of the county’s government departments were affected by cyber attack
  • Chenango County is not willing to pay ransoms, would rather try to rebuild servers themselves
  • IT director stated that there is a backup of the system that could help the county restore all their computers
Read More

 
Buffalo and Erie County Library, Erie County

Breach Type – Unknown, Data Breach

WGRZ

  • Private data likely leaked following cyberattack on library database
  • Bad actors conducted a ransomware hit on third-party vendor
  • Names, addresses, emails, and phone numbers were among leaked information
Read More

 
CNY Works, Onondaga County

Breach Type – Unknown, Ransomware

Government Technology

  • Nonprofit agency was victim of ransomware cyberattack
  • Approximately 56,000 individuals had names and Social Security numbers exposed
  • Third party cybersecurity firm was brought in to help with investigation
Read More

 
City of Olean, Cattaraugus County

Breach Type – Unknown, Ransomware

Olean Times Herald

  • City IT officials discovered and stopped ransomware cyberattack
  • Mayor commented that attack occurred during vulnerable time for city
  • Email and clerk's office were among those directly affected
Read More

 
New York City’s MMS and SMS text-messaging system, State of New York

Breach Type – Hacking, Other

Fox 28 Media

  • Bad actors hijacked MMS and SMS messaging
  • Fraudulent government service shutdown messages sent
  • US intelligence agencies helped investigate
Read More

 
Nassau County, Nassau County

Breach Type – Phishing, Other: Funds Stolen

WCBS 880

  • County was victim of phishing cyberattack
  • Officials were able to recover hundreds of thousands of dollars
  • Employees became suspicious when they noticed grammatical errors
Read More

 
Albany International Airport, Albany County

Breach Type – Unknown, Ransomware

Daily Gazette

  • Ransomware utilized in cyberattack against airport
  • Federal and state law enforcement conducted investigation
  • Airport dropped third-party vendor following attack
Read More

 
Town of Moreau, Saratoga County

Breach Type – Unknown, Malware

Post Star

  • A Christmas eve attack leaves the town hall potentially having personal data exposed
  • The town was notified of the virus by an IT contracted company that monitors their networks
  • It took over 30 man hours spanning onto Christmas day to resolve the attack allowing systems to be restored to backups
Read More

 
Onandaga County Public Library Systems

Breach Type – Unknown, Other

Syracuse

  • Public library announced via social media that online systems were down and expected not to be online until after the weekend
  • All branches impacted and online catalog and accounts were not available – some phone systems were also impacted
  • Unclear if this outage is connected with the Syracuse City School District ransomware attack
Read More

 
Broome County Government Systems, Broome County

Breach Type - Phishing, Data Breach

Press Connects

  • Broome County victim of cyber attack, suspect likely accessed personal information of county employees
  • County officials discovered the breach after employee's direct deposit information was changed
  • Officials advised that they added multi-factor authentication and additional employee training
Read More

 
U.S. Congressman (Peter King) Campaign Website, Long Island, Kings County, Queens County

Breach Type - Other

wshu Public Radio

  • Campaign website for U.S. Congressman, Peter King, targeted by hackers
  • Cyber attackers defaced website with Turkish Propaganda
  • Malware has since been removed, unknown how the attackers infiltrated the website
Read More

 
Otsego County

Breach Type - Other, Cryptojacking

The Daily Star

  • County government experienced significant cyber attack
  • Infiltrators exploited zero-day vulnerability in system
  • Services taken offline
  • No indication that citizen data was accessed or exposed
Read More
The Daily Star

  • Eastern European hackers infiltrated Otsego county network
  • Used system’s computing power to mine cryptocurrency
  • Systems ran very slowly, CPU’s maxed out, several servers showed alerts of a potential virus
  • Remote desktop server in a county employee’s home was identified as the source of the breach
Read More

 
Town of Ulster, Ulster County

Breach Type - Malware

Daily Freeman

  • Entire town system affected by virus
  • Virus infiltrated outlook accounts, sending mass mal-spam emails to town contacts
  • Town of Ulster constantly re-infected with virus resulting in a painstaking recovery
Read More

 
Town of Irondequoit, Monroe County

Breach Type - Phishing, Other

13 abc WHAM

  • Irondequoit employee fell victim to phishing scheme
  • Email account used to send out unauthorized mass email
  • Email contains malicious PDF attachment
  • Town warning to immediately receive the malicious email should residents receive it
Read More

 
St. Lawrence County Website, St. Lawrence County

Breach Type - Hacking, Other

WW NY TV

  • Website shut down due to hack
  • St. Lawrence county home-page defaced
  • Hackers claimed to contain private county information
  • County does not believe any private information compromised
Read More
WW NY TV

  • Employees instructed to reset account passwords in wake of website defacement
  • IT department conducting investigation to find source of hack
  • County website will be restored after investigation concludes
Read More

 
Town of Brookhaven

Breach Type - Hack

CBS New York

  • Part of Islamic Union test hacks of government websites
  • Team System Dz claims responsibility
  • Brookhaven one of 76 websites impacted in this string of ISIS Propaganda
Read More

 
Rensselaer Public Library

Breach Type - Ransomware

Altamont Enterprise

  • Hackers ask for several hundred dollars as ransom
  • Library server was slow, indicating virus had infected system
  • Wiped server clean and restored it in a week
Read More

 
Orange County

Breach Type - Hack

Data Breaches

  • Hackers gain access to those involved with Middletown PD
  • Investigation has not proven fraudulent misuse of personal information
  • FBI notified city that its network was compromised
Read More

 
Onondaga County

Breach Type - Ransomware

Syracuse

  • Virus originated from Russia
  • Employee recognized suspicious activity on computer and notified IT dept. immediately
  • IT staff shut computer of network before virus could spread
  • Virus was thwarted, further investigation helped identify cause and origin
Read More

 
BACK TO TOP

Medical

Personal Touch Home Care Center, Nassau County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • Data breach occured because of a ransomware attack on a cloud-based storage system
  • Compromised information of both employees and patients may include SSNs, financial information, and medical records
  • An investigation is underway
Read More

 
Preferred Home Care of New York, Kings County

Breach Type – Unknown, Ransomware

Data Breaches

  • Information was posted online as proof of the unauthorized access that occurred
  • Bad actors accessed information that included names, contacts and demographic information such as address, emails, phone numbers, and dates of birth
  • There is no evidence that the information has been used in a malicious manner
Read More

 
Four Winds Hospital, Westchester County

Breach Type – Unknown, Ransomware

Data Breaches

  • The hospital was victim to a ransomware attack that denied access to hospital systems
  • The attack was learned of September 1st and prompted notifying Federal Law Enforcement and NYS
  • Sensitive information and private patient information was accessed by bad actors
Read More

 
Wyckoff Heights Medical Center, Kings County

Breach Type – Unknown, Ransomware

Digital Journal

  • Hospital was victim of Ryuk ransomware cyberattack
  • Healthcare provider was one of several victims in a spree of attacks
  • Officials disabled their network in an attempt to mitigate the damage
Read More

 
Oswego health, Oswego county

Breach Type – Unknown, Data Breach

Oswego County News Now

  • Bad actors were potentially able to gain access to employee email account between June 11th and June 15th
  • Official statement did not state how or when potential leak was discovered
  • Exposed emails contained potentially sensitive information regarding patients
Read More

 
Century Specialty Script, Westchester County

Breach Type – Phishing, Data Breach

Data Breaches

  • Specialized pharmacy in New York released public statement stating that potential exposure may have occurred
  • According to public release exposure was caused through exploit in office 365 Microsoft account
  • Bad actors may have been able to gain access to sensitive information
Read More

 
Catholic Health, Erie County

Breach Type – Unknown, Data Breach

WIVB 4

  • Catholic Health was among 3 million healthcare providers serviced by Blackbaud
  • Blackbaud had been victim of massive data breach
  • Information included names, medical record numbers, and dates of service among others
Read More

 
Memorial Sloan Kettering Cancer Center, Manhattan Borough

Breach Type – Unknown, Data Breach

ABC 7

  • Third-party vendor was victim of data breach, affected healthcare providers
  • Officials believed credit card, social security, and bank information remained safe
  • Outside IT personnel were contacted to assist with investigation
Read More

 
Montefiore Medical Center, Bronx Borough

Breach Type – Unknown, Data Breach

PR Newswire

  • Third-party vendor was victim of cyberattack, affecting healthcare provider
  • Officials reassured patients that only vendor's database had been hit
  • Healthcare center established dedicated call center to assist affected patients
Read More

 
Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News

  • Staff have to resort to using both pen and paper in the medical center following a server shutdown due to potential security indecent
  • The hospital is still caring for patients despite the lack of servers although some appointments were postponed
  • No patient transfers were able to be completed due to the lack of information on databases
Read More
WWNY 7 News

  • Computer systems were restored following the attack
  • It has not been publicly released whether or not the attack was ransomware based
  • A third of the 1,400 computers have been check and restored back to functional operations
Read More
Becker's Hospital Review

  • The hospital was taken offline following the attack and prompted both restorations and investigations of the servers
  • Third party professionals were brought in to assist with restoration processes
  • Patients are still being seen and are advised to bring their own medication lists for appointments
Read More

 
Boyce Technologies, Queens Borough

Breach Type – Unknown, Ransomware

Cointelegraph

  • Bad actors threatened to leak data following ransomware cyberattack
  • Officials believed that due to the nature of the attack the setback could cost lives
  • Medical company did not disclose the extend of the attack
Read More

 
Samaritan Medical Center, Jefferson County

Breach Type – Unknown, Malware

WWNY 7 News

  • Healthcare center hit in malware cyberattack, forced to utilize pen and paper notes
  • Both the FBI and US Department of Homeland Security were notified of the cyberattack
  • Hospital continued to take patients, damage caused was minimal
Read More

 
Oswego Health, Oswego County

Breach Type – Phishing, Other

Becker's Hospital Review

  • Healthcare provider launched investigation following phishing attempt
  • Employee email account was fraudulently accessed by bad actor
  • Officials confirmed hacked account had been re-secured
Read More

 
National Eating Disorders Association (NEDA), New York County

Breach Type – Unknown, Ransomware

Medium

  • Bad actors threatened release of data following cyberattack
  • Non-profit organization was latest victim of ransomware
  • Sensitive data was leaked several days later
Read More

 
East House, Monroe County

Breach Type - Phishing, Data Breach

PR News Wire

  • East house is alerting public of potential data misuse in recent suspicious activity
  • An employee email was accessed potentially exposing several employees' sensitive private information
  • Following event East house is informing staff on preventative measures to avoid future reoccurrences
Read More

 
Personal-Touch Home Care, Nassau County

Breach Type - Unknown, Ransomware

Beckers Hospital Review

  • Over 157,000 patients had information exposed
  • Ransomware used by bad actors to steal private information
  • Third party IT firm and federal law enforcement assisted
Read More

 
Jordan Health, Monroe County

Breach Type - Unknown, Ransomware

Rochester First

  • Health center was victim of ransomware cyberattack
  • FBI and others helped investigate attack and restore system
  • Officials believed patient information wasn't leaked
Read More

 
Health Quest; Lagrangeville, Dutchess County

Breach Type – Phishing, Data Breach

Becker’s Hospital Review

  • Numerous employees were victim of phishing cyberattack
  • Employees provided credentials to fraudulent entity
  • IT officials secured affected email accounts following attack
Read More

 
Brooklyn Hospital Center, Kings County

Breach Type – Unknown, Ransomware

Bleeping Computer

  • Ransomware attack caused permanent data loss at Brooklyn Hospital
  • Officials believed that data was not stolen from their system and was only removed
  • Notification to patients indicated that hospital did not have appropriate backup systems
Read More

 
Adirondack Health, Franklin County

Breach Type - Hacking, Data Breach

Health IT Security

  • 25,000 patients have been notified following an attack potentially exposing sensitive information
  • A hacker had gained access to an email account allowing them to view protected information of one email containing medical information
  • It does not seem to originate from a phishing attack and instead accessed from an outside remote attack
Read More

 
Olean Medical Group, Cattaraugus County

Breach Type - Unknown, Ransomware

Olean Times Herald

  • It was discovered that 40,000 patients were not exposed following a hack
  • The group remains actively practicing, simply resorting to pen and paper as systems are restored
  • The attack was compared to a terrorist attack as hackers sought out an large sum in order to supposedly restore files
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • There had been suspicious email activity in employee’s email accounts
  • Third party investigators assisted investigations finding that the accounts had been accessed
  • Some sensitive patient information had been exposed due to the compromised email accounts
Read More

 
DePaul’s Behavioral Health Program, Erie County

Breach Type - Phishing, Data Breach

Democrat and Chronicle

  • There was a data breach found that had left some patients exposed
  • Over 40,000 emails were examined due to this phishing scam
  • There was a percentage of emails that contained sensitive patient information
Read More

 
Elizabethtown Community Hospital, Essex County

Breach Type - Phishing, Data Breach

Data Breaches

  • Employee’s email account was remotely accessed by an unauthorized user
  • Incident did not affect the hospital’s computer networks or electronic medical records
  • Compromised account contained sensitive medical information of patients
  • Patients’ data potentially compromised
Read More

 
Episcopal Health Services, Queens County

Breach Type - Phishing, Data Breach

Data Breaches

  • Email accounts subject to unauthorized access for 2 months
  • Third party forensic investigators thoroughly inspected the suspicious activity
  • The accounts involved contained protected health information and financial information
Read More

 
New York Oncology Hematology, Albany County

Breach Type - Phishing, Data Breach

Times Union

  • Health insurance records for more than 128,000 patients and workers potentially stolen by hackers
  • New York Oncology Hematology reported that staff fell victim to phishing attack
  • Cyber attack occurred in April and no evidence has surfaced that personal data was accessed or misused
Read More

 
Med Associates, Inc. - Albany Co.

Breach Type - Hack

WHEC

  • Med Associates discovered unusual activity at workstation
  • Hackers accessed the workstation & potentially compromised PHI
  • Med Associates worked to notify patients & offered identity protection services
Read More

 
Middletown Medical, Orange County

Breach Type - Other/Vulnerability, Data Breach

Record Online

  • Security setting in radiology interference allowed access to electronic patient information
  • Middletown Medical acted to prevent further unauthorized access
  • Notified potentially affected individuals and offered one year of identity protection services
Read More

 
Finger Lakes Health

Breach Type - Ransomware

WHEC

  • Hackers demand ransom to decrypt files of Finger Lakes Health NY
  • No evidence of compromised patient/staff data has surfaced
  • Employees have emergency plan for cyber attacks
  • Daily tasks completed manually
Read More

 
St. Peter's Hospital

Breach Type - Hack

timesunion

  • Malware installed on St. Peter's servers
  • Second largest breach of NY since 2016 hits St. Peter's Hospital
  • Hackers potentially compromised medical records of 135,000 patients
Read More

 
Jones Memorial Hospital

Breach Type - Hack

WIBV

  • Experienced unexpected downtime due to cyber attack
  • Manually entering information into patient charts
  • No patient data is believed to be compromised
Read More
SC Magazine

  • Jones Memorial rendered a limited number of information services inoperable
  • Working with University of Rochester, Noyes Health & St. James Mercy Hospital to restore systems
Read More
EHR Intelligence

  • Systems back online after two weeks of E.H.R. downtime
  • Evaluating and updating security measures to prevent future attacks
Read More

 
Pharmacy Innovations

Breach Type - Hack

Biz Journals

  • Hack leads to breached data of more than 1,200 patients
  • Pharmacy Innovations was the 4th health data breach for NY in 2017
  • Case under investigation by the Office for Civil Rights
Read More

 
Kaleida Health

Breach Type - Phishing

Healthcare IT News

  • Kaleida Health employee falls victim to phishing scheme
  • Private data of 744 individuals potentially affected
  • Kaleida offering free credit monitoring
  • As a result of multiple data breaches, Kaleida working to improve cyber security
Read More

 
Erie County Medical Center

Breach Type - Ransomware

Buffalo News

  • Ransomware attack causes computer system disruption
  • Affected the medical center's ability to provide medical treatment
  • ECMC refused to pay ransom
  • Restoring systems with help of IT staff
Read More

 
Metropolitan Jewish Health System

Breach Type - Phishing

Data Breaches

  • Employees falls victim to spear phishing scheme
  • Some patient data left available to hacker
  • Notified patients about the phishing scam & established a security hotline
  • Health system reinforcing dangers of phishing to staff
Read More

 
BACK TO TOP

Education

Guilderland Central School District, Albany County

Breach Type – Unknown, Malware

GovTech

  • Malware attack on school district forces students back to remote learning
  • Specialists are helping the district to restore systems as quickly as possible
  • No sensitive data is confirmed to have been compromised at this time
Read More

 
Buffalo Public School District, Erie County

Breach Type – Unknown, Ransomware

Buffalo News

  • The school district noted publicly that it was the victim of a ransomware attack
  • Following the attack all remote classes were cancelled due to interruptions in school's systems
  • FBI investigations discovered that ransom may be between $100K - $300k and negotiable
Read More

 
Syracuse University, Onondaga County

Breach Type – Phishing, Data Breach

The Daily Orange

  • College university was victim of phishing cyberattack
  • Nearly 9,800 students, and others, had names and Social Security information leaked
  • University officials have coordinated with third-party credit monitor for assistance
Read More

 
Victor Central School District, Ontario County

Breach Type – Unknown, Malware

WHEC

  • The school district was closed for in person classes on Monday after a malware attack struck servers in the district
  • Bad actors were able to cause all internet services to stop operating
  • The ransomware was detected on Saturday and prompted efforts to take the network offline and prevent further damage
Read More

 
North Shore Hebrew Academy High School, Nassau County

Breach Type – Hacking, Data Breach

The Hill

  • Jewish school district was victim of hate-based cyberattack
  • Local and federal law enforcement investigated the incident
  • Student and staff addresses and credit card information was leaked
Read More

 
Croton Harmon School District, Westchester County

Breach Type – Unknown, Malware

Lohud

  • Superintendent in public release stated incident was a ransomware attack denying the school district access to it's data
  • School district was able to restore data from previous backups
  • Superintendent of firms no personal data was compromised only workstations were affected
Read More
Lohud

  • Superintendent Debra O'Connell stated the security breach was a ransomware attack
  • School district never considered paying ransom as they were able to restore systems from previous database backups
  • Superintendents told their communities that there was no evidence that any personal data had been compromised and that only onsite computer workstations were affected
Read More
Yonkers times

  • The ransomware attack encrypted data on a Yorktown Central School district networks
  • This forced school officials to restore servers from backups and go room to room to reimage devices
  • Superintendent's office did not respond to requests for comment
Read More

 
Yorktown school district, Westchester County

Breach Type – Unknown, Malware

Lohud

  • School district to face cyber attack affecting communications to community
  • Superintendents told communities there is no evidence of personal data being compromised
  • Public release states only laptops and computer workstations were affected
Read More

 
Bay Shore School District, Suffolk County

Breach Type – Unknown, DDoS

News Day

  • Hacker was able to affect computer services for school district
  • Public statement released says that attack was only meant to flood systems and not steal information
  • Hackers caused inconveniences for both staff and employees it is unknown whether there was a data breach at this time
Read More

 
Lindenhurst School District, Suffolk County

Breach Type – Unknown, DoS

Patch

  • Cyber attack causes continual Internet outages for school district
  • Intermittent outages were due to distributed denial of service attack
  • The attack has been reported to officials and will be investigated by state police and homeland security
Read More

 
Greece Central School District, Monroe County

Breach Type – Unknown, DDoS

Rochester First

  • School District fell victim to denial of service attack causing online learning to be shut down
  • Bad actor could be anything from high school student attempting to get out of school for a day, to a high-level hacker trying to cripple system
  • School district is now taking preventative measures
Read More

 
Floral Park-Bellerose School district , Nassau County

Breach Type – Unknown, Ransomware

The Island Now

  • Officials confirmed virtual education was impacted following cyberattack
  • Bad actors used ransomware, IT personnel shut down affected servers
  • District utilized off-site backups to help mitigate potential damage
Read More

 
Erie Community College, Erie County

Breach Type – Unknown, Malware

Buffalo News

  • 50 computers were disabled by a malware attack causing the college to go offline
  • Windows based computers were the only ones affected on all three college locations
  • Student data has not been affected by this attack due to backup servers
Read More

 
Jamesville-DeWitt High School listserv Email Application, Onondaga County

Breach Type – Hacking, Other

Syracuse

  • Three vulgar emails directed at school officials sent to student body
  • Bad actor hacked into school email listserv distributor
  • Officials suggested students log into email and have parents erase the messages
Read More

 
Niagara University, Niagara County

Breach Type – Unknown, Ransomware

Buffalo Business First

  • University services were impacted following cyberattack
  • Bad actors used ransomware to disrupt college network
  • Campus law enforcement investigated the attack
Read More

 
Pierson High School, Suffolk County

Breach Type – Hacking, Data Breach

Dans Papers

  • School district's computer systems were seized in cyberattack
  • Outage remained in effect over a week later, originally predicted to last 24 hours
  • Officials forced to utilize third part cybersecurity firm to assist with restoration
Read More

 
Mineola School District, Nassau County

Breach Type – Unknown, Ransomware

MSSP Alert

  • This school district being one of many struck by a Ryuk virus was able to restore encrypted files from backups
  • The Ryuk was also specifically designed to encrypt all backups in an attempt to secure the need for ransom
  • The Mineola school district was lucky that the backup was offline at the time of the attack, as servers were being worked on
Read More

 
Rockville Centre School District, Nassau County

Breach Type – Unknown, Ransomware

News Day

  • The school district paid almost $100,000 in ransom in an attempt to restore encrypted files on their servers
  • Due to their insurance the school was able to afford payment
  • IT was able to halt the encryption halfway through as it was attempting to spread
Read More
SC Magazine

  • $88,000 was paid in ransom to restore access to their files
  • Since the school district was able to halt the encryption processes and restore many files the ransom costs dropped almost $100,000
  • The school district states that paying the ransom was a result of exhausting all efforts made
Read More

 
Watertown City School District, Jefferson County

Breach Type – Unknown, Malware

WWNYTV

  • School district victim of malware attack, officials unsure of data loss
  • Superintendent stated that attacker had not yet demanded ransom
  • Watertown City School District advised to not logon to computer systems
Read More

 
Syracuse City School District, Onandaga County

Breach Type – Unknown, Ransomware

Syracuse

  • Ransomware hit the city’s school district and caused a week-long outage
  • The attack locked the school district out from using their own systems
  • The school is getting conflicting advice from their cyber insurance company vs. the FBI on whether to pay the ransom
Read More

 
Monroe College, Bronx County

Breach Type – Unknown, Ransomware

Syracuse

  • Monroe College based in Bronx, New York hit by ransomware attack with hackers demanding $2 million in Bitcoin
  • Campuses and facilities located in NY and FL have been impacted
  • Details of the attack have not yet been released to the public, but police are investigating
Read More

 
OCM BOCES, Onondaga Co., Cortland Co., Madison Co.

Breach Type - Other, TDoS/DDoS

Local SYR

  • Cyber attack disrupted the OCM BOCES network causing huge problems for school districts
  • Hackers are causing denial of security attacks
  • All personal and confidential information related to students and employees has been well protected
Read More

 
The University at Buffalo, Erie County

Breach Type - Hack

The Spectrum

  • Thousands of University at Buffalo accounts hacked
  • 28 faculty & staff accounts compromised
  • Login credentials stolen when entered into malicious website
Read More

 
OCM BOCES District

Breach Type - Hack

CNY Central

  • Cyber-attack targets OCM BOCES district during its ELA assessment testing
  • Attack shut down network intermittently, forcing reschedule of tests
  • No data stolen thanks to security measures in place
  • Technicians working to restore & stabilize connection for continuation of testing
Read More

 
Buffalo Public Schools District

Breach Type - Hack

Buffalo News

  • Denial of Service attack hits Buffalo Public Schools' network
  • The attack caused problems for the district for several hours
  • District officials believe the hackers are from overseas
Read More

 
The City University of New York Website

Breach Type - Hack/Cryptomining

WCCFTECH

  • Cryptojackers abuse "browsealoud" plugin to mine Monero from unsuspecting web-users
  • Over 4,200 webpages globally, affected by scheme
  • The City University of New York, Lehman College, and La Guardia Community College websites were all used by hackers to generate cryptocurrency
Read More

 
Cornell University

Breach Type - Phishing

Cornell Sun

  • Cornell University one of many servers affected by a Google Docs phishing scheme
  • Users affected had to immediately change passwords
  • Some contact data potentially exposed
Read More

 
Rhinebeck School District

Breach Type - Ransomware

Daily Freeman

  • Ransomware infects Rhinebeck School District through malicious email
  • Hackers demanded a $500 ransom to decrypt the servers
  • The district's IT traced the malware for 9 hours
  • Restored system using off-site backups
  • No data lost
Read More

 
Hudson City School District

Breach Type - Phishing

Data Breaches

  • Hudson City School District employee fell victim to phishing scheme
  • Hackers may have accessed social security numbers of all district staff
  • The attack mimicked the phishing scam which affected Lawrence Schools in Massachusetts
Read More

 
BACK TO TOP