During the Christmas holiday weekend of 2011, the Public Advocate's website was the target of a sophisticated cyber attack. We have discovered that information submitted by our constituents through our website (advocate.nyc.gov) was accessed and obtained from the website without authorization. Any information you submitted to the Office through the website may have been exposed. While not everyone submitted personal information, if the information you submitted included your name, address, Social Security number, date of birth, or any other sensitive information, that information may have been accessed and obtained. Those who submitted information to the Office through the website prior to the attack were previously advised by email of this attack. If your Social Security number or date of birth was exposed, you were also sent a letter.
We assure you that we are committed to safeguarding your personal information and have taken steps to fortify the protective measures that were already in place. As a precautionary measure to help you protect against any possible misuse of your data, there are some steps you can take to protect yourself if you submitted sensitive information that may have been accessed. While the following suggestions may not be applicable to your circumstances, we are providing them for you to consider. The Federal Trade Commission (“FTC”) offers online guidance regarding measures you can take to protect against identity theft atwww.ftc.gov/idtheft. You may also report any incidents of identity theft to the FTC at 1-877-IDTHEFT. If you feel it is necessary, you can place a fraud alert on your credit file by contacting the fraud departments of Experian (www.experian.com), Equifax (www.equifax.com) and TransUnion (www.transunion.com). A fraud alert is attached to your credit report and puts creditors on notice that you may be a victim of fraud. When you try, or someone else tries, to open a credit account, such as by getting a new credit card, any type of loan or cell phone account, the creditor is alerted to contact you by phone to verify that you really want to open a new account.
If you have further concerns or wish to speak directly with a representative of the Office of the Public Advocate, please call 212-669-2455 between the hours of 9:00 am (EST) and 5:00 pm (EST).We apologize for any inconvenience or concern this incident may cause. We remain committed to providing assistance accessing City benefits and services and to maintaining your privacy as a key priority and will continue to take steps to protect your information.
What information was accessed by the hackers?
Following the security breach, the hackers accessed the raw data that powers the Public Advocate’s website. This includes webpage content, including embedded user comments and information submitted through forms on the website. Most of these user comments and submissions only include basic information such as a name and email address and no other personal information. The underlying website server was not breached during the attack. In addition, email correspondence and our internal contact management system were not accessed or exposed in any way.
What steps have been taken in response to the website security breach?
Upon learning of the website security breach, the Public Advocate’s Office notified law enforcement, moved to quickly reinforce security measures, and took the steps necessary to ensure that no stolen data was in the public domain. Additionally, the Public Advocate’s Office has contacted all individuals whose information may have been compromised and anyone with questions or concerns can contact the Public Advocate's Office at 212-669-7250.
Who can I contact if I have questions or concerns about information I submitted through the Public Advocate's website?
You can contact the Public Advocate’s Office by calling 212-669-7250.
What steps can I take to protect myself online?
Individuals who believe their information may have been compromised during this security breach are advised to not open any unsolicited emails and notify the Public Advocate’s Office of any suspicious activity, such as SPAM or unsolicited emails asking for personal information with reference to the Public Advocate's Office. To learn more about email scams and how to protect yourself online, please visit http://onguardonline.gov for helpful information.