The Joint Commission on Public Ethics (“JCOPE”) today announced that it has provided required notice to the people whose emails/usernames and passwords were contained in a file that was improperly accessed in the February cyber security incident that led to the temporary shutdown of JCOPE’s Lobbying Application (“LA”) and Online Financial Disclosure Statement (“FDS”) systems. The body of that notice letter follows.
We are writing to inform you that we have identified a security incident in which information technology systems at the Joint Commission on Public Ethics were breached. As a result, we have reason to believe that a file containing your email/username and password for the JCOPE Legacy (pre-2015) Financial Disclosure System was improperly accessed. The Legacy FDS filing system was in place to maintain annual Financial Disclosure Statements made by state employees and officials until its replacement in 2015. Once evidence of possible file access of usernames and passwords used in the Legacy system was discovered, all passwords for the current FDS filing system were reset as a precautionary measure. Nevertheless, we understand that it is common practice for individuals to use the same password across multiple websites and applications. As a result, we urge you to immediately change your password on any other sites on which this password may have been reused and to always utilize complex passwords that do not repeat across different platforms.
In addition, we strongly encourage you to examine the resources available through a number of governmental entities. The Federal Trade Commission’s (FTC) website (www.identitytheft.gov) includes comprehensive information concerning precautionary measures that may be taken to minimize risks, including contact information for major credit reporting bureaus. You may also contact the FTC by calling (202) 326-2222 or toll-free at (877) 438-4338. The New York State Attorney General’s office can also provide important information about monitoring your accounts for fraudulent activity (www.ag.ny.gov/consumer-frauds/identity-theft) and can be reached at 1-(800)-771-7755.
We understand the importance of safeguarding your information and are taking steps to minimize the future likelihood of a security incident, including ongoing system vulnerability testing, security logging and preventative measures, continued information technology systems monitoring, and other appropriate safeguards.
We apologize for the inconvenience.
