NYC Department of Finance accidentally exposes the personal data of employees
The New York City Department of Finance inadvertently disclosed the private information of over 1,700 employees, including home addresses, cell phone numbers, and personal email addresses. The breach occurred during a test of the agency’s emergency notification system, resulting in the dissemination of sensitive data to all employees.
The mishap occurred when the agency’s roster, containing confidential employee details, was mistakenly emailed to approximately 1,800 staff members. Alongside this blunder, automated phone calls were inadvertently made at 3:30 a.m. instead of the planned 10 a.m., with a short recording indicating that the calls were simply a test of the emergency notification system.
Concerns immediately arose among employees over the widespread sharing of their personal information, particularly their home addresses. One employee, who preferred to remain anonymous, voiced these concerns, stating, "We don’t know who out there has our information, how they’re going to use it, and who they’re going to share it with."
In response to the breach, Associate Commissioner for Workforce Management Corinne Dickey emailed employees, informing them that the city’s Office of Technology & Innovation and its Cyber Command had been alerted. The matter is under investigation, with collaboration from the Legal department and the FIT (Finance Information Technology) team, to determine the appropriate course of action.
The cause of the failure has not been explicitly disclosed, as Dickey’s email referred to an "error" in the timing of the automated calls and incorrect email distribution. The vendor responsible for the notification system, Massachusetts-based company Everbridge, has been identified.
Everbridge specializes in critical incident management and is contracted for over $6 million with the Office of Emergency Management to support the citywide mass notification system, Notify NYC. According to Everbridge spokesperson Jeff Young, the firm’s platform remains uncompromised, and the issues experienced were not due to a system error.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Securing the AI-Driven WorldSponsored by Checkpoint
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543