47,000 people affected by data breach at Business Council of New York State

The Business Council of New York State (BCNYS) has announced that it recently became aware of a security incident.

The Business Council of New York State is an organization that represents the interests of large and small businesses in New York. According to the organization’s website, it has over 3,000 members, including trade organizations, local chambers of commerce, and other professional entities, which employ over 1.2 million New Yorkers.

In a filing addressed to the Office of the Maine Attorney General, the interest group states that an unauthorized party gained access to “a limited number of internal systems” between February 24th and February 25th, 2025. The data breach, however, was detected almost six months later, on August 4th.

“Upon detecting the unauthorized activity, BCNYS immediately contained the incident and launched a thorough investigation. As a part of the investigation, BCNYS engaged leading outside cybersecurity professionals to secure the environment and to identify the scope of what personal information, if any, was involved,” the data breach notification letter that was sent to affected members says.

The inquiry showed that the threat actor was able to exfiltrate personal, financial, and medical information of 47,329 members, including full names, Social Security numbers, dates of birth, state identification numbers, financial institution names, financial account and routing number information, payment card numbers, payment card access PINs, payment card expiration dates, taxpayer identification numbers, electronic signature information, medical provider name, medical diagnosis or condition information, prescription information, medical treatment or procedure information, and health insurance information.

At the time of writing, BCNYS hasn’t received any reports of identity fraud as a result of the incident. Nevertheless, the interest group encourages affected members to remain vigilant against incidents of identity theft and financial fraud.

To protect victims from potential misuse of their information, BCNYS will provide free credit monitoring memberships to those whose Social Security numbers have been exposed. Furthermore, the business council urges individuals impacted by this data breach to monitor their account statements for identity theft attempts and their free credit reports for suspicious activity.