Major Hack Hit NY Business Council: Over 47,000 People Affected

The Business Council of New York State (BCNYS), a prominent association representing businesses, chambers of commerce, and professional organizations across the state, has confirmed that it suffered a devastating cyberattack. The breach, which occurred in late February 2025, resulted in the theft of sensitive information on tens of thousands of people.

According to a report filed with the Office of the Maine Attorney General, the BCNYS lost full names, Social Security numbers (SSN), dates of birth, state identification numbers, financial institution names, financial account and routing number information, payment card numbers, PINs, payment card expiration dates, taxpayer identification numbers, and electronic signature information. The incident also included health data such as names of medical providers, information on medical diagnosis and conditions, prescription information, data regarding medical treatment and procedures, and healthcare insurance information.

The total number of individuals potentially affected by the incident is 47,329. However, it's worth noting that there is currently no evidence to suggest that the stolen files were used in identity theft, phishing, or other cybercrime. Despite this, hackers can still use stolen data to open bank accounts or credit lines, make unauthorized purchases, file false tax returns, and even access medical services or prescriptions under someone else's name.

Protecting Yourself from Identity Theft

To minimize the risk of falling victim to identity theft or other cybercrime, BCNYS recommends several steps:

• Place a fraud alert or credit freeze with the major credit bureaus.
• Monitor bank and credit card statements daily.
• Sign up for identity theft protection or credit monitoring through the BCNYS, which is offered free of charge.
• Change passwords and enable multifactor authentication on all accounts.
• Notify banks and insurers of potential fraud.
• Request an IRS Identity Protection PIN to block fake tax filings.

For medical data, victims should review insurance Explanation of Benefits (EOB) statements and contact providers to flag any suspicious medical activity. It's essential to remain vigilant and take proactive measures to protect yourself from potential harm.

Stay Safe Online

The BCNYS breach serves as a stark reminder of the importance of cybersecurity and online safety. As technology continues to advance, hackers become increasingly sophisticated, and the risk of data breaches and identity theft grows.

To stay ahead of these threats, it's crucial to stay informed about the latest cybersecurity news, best practices, and tools. Sign up for our newsletter to get all the top news, opinion, features, and guidance you need to succeed in your business.