The Joint Commission on Public Ethics ("JCOPE") has learned that it was the target of a deliberate malicious cyberattack, specifically to the web server that houses, among other systems, JCOPE’s Lobbying Application and Financial Disclosure Statement Online Filing System. The systems were taken down as a precaution earlier this week by the State Office of Information Technology Services (“ITS”) when it received an alert of suspicious activity on that web server. The cyberattack was only just confirmed after several days of preliminary forensic analysis by ITS.
The systems will remain offline until they can be brought back up safely. There is no initial timeframe for a resumption of online filings.
We do not have any information at this time about who may have been behind the cyberattack, and although we do not know yet if there was an actual breach of user or other agency information, we will be working with law enforcement, including the New York State Police and the Office of the Attorney General, as well as the Department of State’s Consumer Protection Division, to further investigate this incident and meet all legal obligations triggered when a system breach occurs.
“Our first and highest priority is the safety and integrity of the data entrusted to the Commission by the regulated community,” stated JCOPE Executive Director Sanford Berland. “We are working with our partners in information technology and law enforcement to identify the scope of the attack, to ensure that the incident response is comprehensive, and to bring each system back online as soon as safely possible.”
JCOPE will be separately working to notify the regulated lobbying community and financial disclosure statement filers. Extensions will be automatically granted for any filings that were due and could not be submitted because of the outage; those extensions will be determined once the systems have been brought back online.