Full Menu Close Menu
News Stories

Update on DOE and TRS data breach

New York Teacher
Security Breach
blogtrepreneur.com

The Department of Education has notified approximately 130,000 in-service UFT members and 36,000 former Department of Education employees that their confidential information might have been exposed in a large data breach in June.

Roughly 19,000 DOE documents, including Medicaid reports related to the provision of related services, related services progress reports and records related to the leave status of DOE employees, were accessed without authorization.

The letter from the DOE, mailed on Aug. 9, informed affected individuals about exactly what information was disclosed and what was not. Those affected were offered two years of free identity theft and credit monitoring through IDX. Additional affected DOE employees were identified in September and mailings will be sent to those individuals. The deadline to enroll in identity/credit monitoring services and call center for inquiries/enrollment has been extended until December 15, 2023, for all affected individuals.   

For most, the employee ID number and leave status were disclosed in addition to their name. The Social Security numbers of about 8,000 individuals were stolen.

The breach also affected 45,000 New York City public school students. The students’ OSIS numbers and dates of birth were exposed.

One of the Teachers’ Retirement System’s third-party vendors, PBI Research Services, was affected in the same data breach. The names, Social Security numbers, partial address information and dates of birth of some retirees or beneficiary payees were exposed. Those affected received an email from TRS in July and were offered two years of credit monitoring through Kroll.

The breach was part of a worldwide hack of the millions of people’s personal information through a security vulnerability in the MOVEit software, which is widely used by private companies and governments to safely transfer documents and data. The DOE uses MOVEit to transfer documents and data internally as well as to and from vendors, including third-party special education service providers.

For additional information about the incident, see the DOE website.

Related Topics: Pension