Letter warns of data breach
Ex-state workers notified of stolen JCOPE passwords
Former state employees got a surprise in their mail Saturday: a notice that their passwords to an old state financial disclosures site were stolen in a cyberattack.
The email addresses, usernames and passwords were taken from the Joint Commission On Public Ethics Legacy system, which was used for financial disclosures prior to 2015.
When the theft was discovered, all passwords to the current financial disclosures system were reset, the letter said.
“Nevertheless, we understand that it is common practice for individuals to use the same password across multiple websites and applications,” the letter said.
“As a result, we urge you to immediately change your password on any other sites on which this password may have been reused and to always utilize complex passwords that do not repeat across different platforms.”
The letters were signed by commission Executive Director Sanford Berland, who offered an apology for the inconvenience and said the agency is taking steps to reduce the chance of another “security incident.”
The spokesman for former Gov. Andrew M. Cuomo was among those who received the letter. On Twitter, he immediately criticized the commission, asking if this breach is connected to another that happened earlier this year.
In a February attack, a web server containing the state’s filing systems for lobbying and financial disclosures had to be taken offline. At the time, officials said they didn’t yet know if user information was accessed.
At the time, JCOPE said, "The systems were taken down as a precaution earlier this week by the State Office of Information Technology Services ... when it received an alert of suspicious activity on that web server.”
The letter some people received about the recent compromised passwords was dated May 27, 2022.