December 10 – Today, Brooklyn Defender Services, a public defender organization representing clients in criminal, immigration, and family proceedings, announced that it has identified and addressed a data security incident.
Brooklyn Defender Services recently discovered that an unauthorized person gained access to some of Brooklyn Defender Services’ employees’ email accounts.
On September 13, 2020, Brooklyn Defender Services determined that emails or attachments may have included employees’ and clients’ names, addresses, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, health information, and/or biometric data such as fingerprints.
Brooklyn Defender Services advises its current and former employees, their dependents and beneficiaries, as well as its clients, to remain vigilant for signs of unauthorized activity by reviewing their financial account statements, health insurance statements and explanations of benefits statements. If they see charges or activity they did not authorize, Brooklyn Defender Services suggests that they contact their provider or financial institution immediately. Brooklyn Defender Services is in the process of providing notice of this incident to affected individuals and is offering eligible individuals a complimentary membership to Kroll’s Credit Monitoring, Fraud Consultation, and Identity Theft Restoration service. Unfortunately, Brooklyn Defender Services does not have current addresses for all such individuals. Brooklyn Defender Services encourages anyone who believes that their personal information may have been compromised or is concerned to visit the website or call the telephone number below for additional information.
Your confidence and trust are important to us, and we regret any inconvenience or concern this incident may cause. To help prevent something like this from happening in the future, we have incorporated additional authentication measures for remote email access, implemented additional data security measures, and are re-educating our staff for awareness on these types of incidents.
Additional information is available at http://bds.org or by contacting Brooklyn Defender Services’ dedicated call center at 1-833-971-3259 Monday through Friday, from 9:00 a.m. to 6:30 p.m. Eastern Time.
SOURCE Brooklyn Defender Services
Note: They do not reveal when they first detected abnormal activity — the only date they give is when they determined that email attachments contained PII.
So when did this attack actually occur? And when did BDS first discover it? DataBreaches.net sent an email inquiring, but has received no reply as yet. This post will be updated if a reply is received.