Posted On November 6, 2022 Consumer Privacy & Data Breaches
On October 31, 2022, the Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department City of New York (“NYCDEA”) filed notice of a data breach with the Maine Attorney General after the organization learned that an unauthorized party gained access to sensitive information belonging to certain members. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to members’ names and addresses, dates of birth, driver’s license or state identification card numbers, financial account numbers, username and password information, payment card information, medical history, and health insurance information. After confirming that consumer data was leaked, NYCDEA began sending out data breach notification letters to all individuals impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the NYCDEA data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Administrative Fund of the Detectives’ Endowment Association, Inc.
The available information regarding the Administrative Fund of the Detectives’ Endowment Association, Inc. breach comes from the company’s filing with the Attorney General of Maine. According to this source, on December 16, 2021, NYCDEA detected suspicious activity with the organization’s email system. In response, NYCDEA took the necessary steps to secure its email environment and then began working with outside experts to investigate the incident.
On October 3, 2022, the NYCDEA investigation confirmed that an unauthorized party had indeed gained access to the organization’s email system and that they were able to access files containing sensitive member information.
Upon discovering that sensitive data was made available to an unauthorized party, the Administrative Fund of the Detectives’ Endowment Association, Inc. began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and address, date of birth, driver’s license or state identification card number, financial account number, username and password information, payment card information, medical history, and health insurance information.
On October 31, 2022, the Administrative Fund of the Detectives’ Endowment Association, Inc. sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Administrative Fund of the Detectives’ Endowment Association, Inc. is a labor union that represents detectives in New York City. The organization represents more than 20,000 active and retired members of the New York City Police Department. Administrative Fund of the Detectives’ Endowment Association, Inc. employs more than 25 people and generates approximately $11 million in annual revenue.
Yes, when it comes to protecting consumer data, U.S. data breach laws impose a similar obligation on all organizations, including non-profits, educational institutions, government entities and labor unions. So, depending on the circumstances surrounding the breach, a labor union such as the Administrative Fund of the Detectives’ Endowment Association, Inc. may be financially responsible to its members for a data breach.
However, labor unions are not automatically liable for a data breach; it is only when the breach was the result of the union’s negligence that it can be held liable. Additionally, data breach victims must prove that the organization’s failures were the cause of their harm. In other words, members must be able to establish a connection between the organization’s negligence and the member’s injuries, which are usually related to identity theft or other frauds.
To successfully hold an organization financially responsible for a data breach, a member must establish each of the following elements:
Notably, when it comes to legal standing to pursue a data breach claim, courts have held that victims of a data breach do not necessarily need to have fallen victim to identity theft to pursue a claim. These courts have determined that the increased risk of future identity theft is sufficient to give the victim the legal ability to bring a case against an organization. However, establishing a labor union’s liability in the wake of a data breach is a complex endeavor, and those interested in pursuing a claim should consult with an experienced data breach lawyer for assistance.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the NYCDEA data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by the Administrative Fund of the Detectives’ Endowment Association, Inc. (the actual notice sent to consumers can be found here):
Dear [Redacted],
We recently discovered that a data security incident may have resulted in the possible unintentional exposure of your personal information. This letter contains additional information about the incident, our response to this incident, and steps you can take to protect yourself. Please be assured that the Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department City of New York (“NYCDEA”) takes the protection and proper use of your personal information very seriously, and we sincerely apologize for any inconvenience this may cause.
What Happened:
On December 16, 2021, NYCDEA detected suspicious activity within its email environment. Upon discovery, NYCDEA immediately engaged a law firm specializing in cybersecurity and data privacy to investigate further. Additionally, NYCDEA engaged third-party forensic specialists to assist NYCDEA in its analysis of any unauthorized activity. The investigation concluded on October 3, 2022. While the potentially impacted information varies by individual, the investigation concluded that certain personal information – including names and addresses, and in some instances dates of birth, driver’s license/state identification card number, financial account number, username and password information, payment card information, medical history, and health insurance information – were accessed by an unknown party that is not authorized to handle or view such information.
Upon discovering the suspicious activity, the NYCDEA moved as quickly as we reasonably could. However, it took us considerable time to determine what information was impacted and who was potentially affected. Although we realized on December 16, 2021 that a cybersecurity incident took place, we were not able to determine the extent of the impacted data until the investigation concluded on October 3, 2022.
At this time, NYCDEA does not have any evidence to indicate that any of your personal information has been or will be misused as a result of this incident. NYCDEA is notifying you of this incident out of an abundance of caution.
What We Are Doing:
We take the protection and proper use of personal information very seriously. As part of our ongoing commitment to information privacy and the security of information, we are notifying you of this incident. Although we are not aware of any misuse of your information as a result of this incident, we are offering you complimentary credit monitoring and identity theft protection through IDX.
IDX’s services include: 12 months of credit and CyberScan monitoring, fully managed identity theft recovery services, and a $1,000,000 Identity Theft Insurance policy. With this protection, IDX will help you resolve issues in the unlikely event that your identity is compromised.
We encourage you to contact IDX with any questions and to enroll in free IDX services by calling 1-833-764-2913 or by going to [Redacted] and using the Enrollment Code provided. IDX is available Monday through Friday from 6 a.m. to 6 p.m. Pacific Time, excluding holidays. Please note the deadline to enroll is January 31, 2023.
What You Can Do:
Further, as best practice, we encourage you to remain vigilant against incidents of identity theft and fraud, to review your financial account statements, and to monitor your credit reports for suspicious activity. This letter also includes additional information and resources to assist you in protecting your personal information, should you feel it appropriate to do so.
For More Information:
If you have additional questions, please call 1-833-764-2913, toll-free, Monday through Friday from 6 a.m. to 6 p.m. Pacific Time, excluding holidays. NYCDEA values the security of your personal data, and we apologize for any inconvenience this incident has caused.