
Posted On September 21, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: New York Racing Association

NOTICE: If you received a NOTICE OF DATA BREACH letter from New York Racing Association, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

On August 25, 2022, New York Racing Association (“NYRA”) reported a data breach with the Office of the Vermont Attorney General after the organization experienced a ransomware attack targeting sensitive information on its computer network. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following information related to some current and former employees: first and last names, Social Security numbers, driver’s license numbers, health records, health insurance information and other personal information. After confirming that consumer data was leaked, NYRA began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the NYRA data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the New York Racing Association.

What We Know So Far About the New York Racing Association Breach

News of the New York Racing Association data breach comes from the organization’s official filing with the Office of the Vermont Attorney General as well as a recent news source that had communicated with the hackers responsible for the attack. According to these sources, on or around June 30, 2022, NYRA learned that its computer system had been encrypted in what, at the time, appeared to have been a ransomware attack.

In response, the NYRA began working with federal law enforcement authorities as well as a third-party cybersecurity firm to assist with the organization’s investigation. The investigation confirmed that the incident was a ransomware attack and that the information of certain current and former employees was accessible to the hackers.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, New York Racing Association intended to review the affected files to determine what information was compromised and which consumers were impacted. However, the encryption of NYRA’s computer system delayed the investigation. NYRA explains that it only recently completed its review of the affected files. While the breached information varies depending on the individual, it may include your first and last name, Social Security number, driver’s license number, health records, health insurance information and other personal information you provided to the New York Racing Association.

On August 25, 2022, New York Racing Association sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More recently, the Hive ransomware group took credit for the NYRA data breach, adding the organization to its list of victims. Based on this source, it appears that the hackers’ demands were unmet, as they recently posted a link that allows anyone to download the stolen information.

More Information About New York Racing Association

Founded in 1955, the New York Racing Association operates the three largest thoroughbred horse racing tracks in New York: Aqueduct Racetrack, Belmont Park, and Saratoga Race Course. The organization’s current contract provides that the company will continue to operate these three tracks until at least 2033. New York Racing Association employs more than 792 people and generates approximately $226 million in annual revenue.

Do Companies Have an Obligation to Safely Maintain the Sensitive Information of Former Employees?

Most people recognize that employers have a duty to protect the employee information in their possession. However, what fewer people know is that a company’s obligation to protect an employee’s information is not terminated with a worker’s employment.

Given the relationship between an employer and its employees, it is common for employers to have a significant amount of personal information about employees in their possession. This information may include an employee’s Social Security number, bank account number, health insurance information, medical history, work history, driver’s license number, workers’ compensation claims information, and contact information.

When an employee leaves a company, employers typically retain this information for several years. However, the company’s obligation to protect and safeguard the information does not end when the employee leaves the company.

In fact, employers owe the same duty to current and former employees. Thus, if a data breach results in a former employee’s information being leaked, the company may be financially responsible for any harm that the former employee experiences as a result of the leaked information. Most often, this includes the financial and emotional costs related to identity theft or other frauds.

Of course, just because a company is the target of a cyberattack doesn’t automatically mean the company can be held legally responsible. The question in all data breach cases is whether the company was negligent in how it stored or maintained the data. For example, a company may be negligent by:

  • Failing to implement or maintain an up-to-date data security system;
  • Mistakenly posting sensitive consumer information so that it is publicly available;
  • Inadvertently sending consumer information to an unauthorized party;
  • Not following the correct procedures when handling consumer data;
  • Opening an unsolicited email that installs malware on their computer; or
  • Responding to a phishing attack.

Those who are interested in learning more about their options in the wake of a data breach should reach out to an experienced data breach lawyer for assistance.

If You Have Questions About Your Rights Following the New York Racing Association Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the NYRA data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
