Suffolk Offers Free Credit Monitoring To People Exposed In Cyberattack

HAUPPAUGE, NY — Suffolk County officials are offering identity theft protection to potentially thousands of people whose personal information, including driver's license and passport numbers, might have been exposed during the cyberattack in September.

The county has joined with the Manhattan-based Kroll, a well-known cybersecurity and identity theft protection firm, in launching an identity theft protection webpage, www.suffolkcounty.kroll.com.

Under the plan, the county is offering a year of complimentary credit monitoring and identity theft protection to potentially impacted people, and those eligible may receive credit monitoring from all three credit reporting agencies, as well as identity theft restoration, and identity fraud loss insurance.

It has been determined that people who were issued moving violations within Suffolk's Police District between 2013 and Sept. 8, 2022, may have had their driver's license numbers exposed.

Others who presented identification, like driver’s licenses or passports, at Suffolk’s Traffic, Parking, and Violations Agency in Hauppauge when paying by credit card for tickets, may have also been exposed.

About 470,000 discrete moving violations were issued during that time period, officials said.

"The potential exposure of personal protected information "appears to be limited to driver’s license numbers only," officials said.

Credit card payments for tickets are also processed by a third party so credit card numbers are not at risk and parking tickets, red light camera tickets, and school bus camera violations do not contain personal protected information, according to officials.

The complimentary credit monitoring and identity theft protection must be activated by Feb. 17, 2023, and subscribers must be prepared to affirm that they fit into one of the impacted categories and be prepared to provide proof if contacted by Suffolk.

Suffolk's web-based applications were attacked Sept. 8, forcing officials to take down some of its services, including web pages and email, while they undertook an investigation. The attack has since been deemed a ransomware attack.

County officials have never indicated what demands have been made.

A cybercriminal gang named "BlackCat" has alleged responsibility, according to posts on the dark web.

County officials have previously said that the hackers responsible for the cyberattack had either accessed or acquired residents' personal information and they advised vigilant credit monitoring.

The county formally notified the state Attorney General’s office about a data breach in Suffolk on Sept. 20. The following day, the county posted consumer identity protection information and resources on its landing page.

County Executive Steve Bellone said that "the protection of personal, sensitive information is a top priority for the county."

"The identity protection services the county is offering through Kroll will help provide peace of mind to individuals who may have had specific pieces of their personal information exposed,” he added.

If the ongoing digital forensic examination discovers any other potentially breached information, the information will be shared publicly or alerted to the people affected directly, according to officials.

This is what the county is offering:

• Triple Bureau Credit Monitoring: It will be provided to all who choose to subscribe. The data comes from the national credit bureaus Equifax, Experian, and TransUnion. For anyone who chooses online service, credit activity will be reported promptly to a registered email address by an alert. For those with offline service, notifications will be sent by U.S. Postal Service. The process will not affect credit scores, or appear as a hard credit inquiry on a credit report when the credit report is accessed by a third party.
• Identity Theft Restoration Services: Kroll will recommend a case be opened on suspected identity theft. Fraud specialists will be able to undertake the bulk of the restoration work required to restore identity to pre-theft status.
• Identity Fraud Loss Reimbursement: The coverage, which will be made available through a third-party provider, can reimburse for certain eligible losses, like expenses and covered legal costs resulting from a subscriber’s stolen identity event, fraud, theft, forgery, or misuse of the person’s data. Members can activate monitoring services during the defined activation period to be eligible for insurance coverage and claim filing. The policy will also provide coverage for up to $1 million with no deductible charged to the subscribing member and includes up to $10,000 reimbursement of stolen funds. All claims are subject to the terms, limits and/or exclusions of the policy.
• Potential covered expenses include: application refiling fees; costs incurred to rectify or amend records; costs to contest accuracy of a credit report after identity fraud; loss of income due to time taken to rectify records due to identity fraud; childcare and elderly care costs incurred due to time taken to rectify identity fraud; fraudulent withdrawals up to a $10,000 limit; and covered legal costs with some restrictions.

County officials say coverage is subject to the conditions and exclusions in the policy and to be eligible for reimbursement, discovery of the covered loss by the subscribing member must occur during the term of the policy and the receipt of services. The policy covers residents of the United States, including Puerto Rico, according to officials.

People can also contact Suffolk 311 if they have any questions. Within Suffolk County dial 311, outside of Suffolk County call 631-853-6311.

The program will also be shared on social media and posted on the homepage of the county’s website, www.suffolkcountyny.gov.

RELATED STORIES:

• Suffolk Pols Give Subpoena Power To Panel In Cyberattack Probe: Report
• Suffolk Clerk Received Multiple Alerts Before Cyberattack: Report
• Funding Questioned As Suffolk IT Head Plans To Boost Staff, Equipment
• Suffolk Lawmakers Form Committee To Investigate Cyberattack: Report
• Suffolk Officials Warned Of Possible Cyberattack Months Ago: Report
• Suffolk Cyberattack: Title Searches Return As Property Sales Delayed
• Suffolk Hack: Residents Told Obtain Credit Report, Look Over With Care
• 'Threat Actor' Claims Responsibility For Suffolk Hack On Dark Web
• Suffolk Exec Says 'Cyber Intrusion' Has Hallmarks Of Ransomware
• After Possible Cyberattack, Suffolk Deploys Manual Record-Keeping