NYPD Suffers Massive Data Breach

By Matthew Harwood

The New York Police Department (NYPD) is sending out letters to nearly 80,000 current and retired police officers after a civilian employee allegedly stole their personal information from a secure police back office located in a warehouse on Staten Island, New York.

Anthony Bonelli, the NYPD pension telecommunications director, allegedly swiped backup tapes that contained addresses, Social Security numbers, medical records, and direct-deposit information on nearly 80,000 current and retired police officers on February 21, according to the New York Post. The information could be used to steal the officers' identities. Police later found the stolen tapes in Bonelli’s home and arrested him.

But what’s more interesting is how Bonelli allegedly bypassed the back office’s layered security.

According to news reports, Bonelli bypassed the security guard on duty by flashing an expired ID card. His name was also not on a list of authorized personnel.

"This individual was not authorized to be there, yet the guard let him in," Anthony Garvey, the fund's executive director, told the Staten Island Advance. "We think it was poor judgment."

Next, Bonelli allegedly pulled the plug on the back office’s camera system before stealing the eight tapes.

The Advance reports:

Bonelli is charged with felony counts of third-degree burglary, fourth-degree grand larceny and computer trespass, and is being held in lieu of $2 million bail. He faces a maximum of 13 years in prison if convicted.

Letters have been sent to 36,000 active and 43,000 retired police officers notifying them of the breach. While the NYPD says the information was not compromised, its pension fund is offering those affected a year of free credit monitoring just in case.


Businesses and Government Agencies Need to be Prepared

This incident is another example of the fact that most data breaches are not hacks, but involve issues such as human error, lost information, employee theft, 3rd party vendors, etc.

Businesses and government agencies need to deploy data breach and identity theft protection solutions that address all of these breach types.

I highly recommend that CIOs, CISOs and IT staff visit Identity Force to learn more about preventing data breaches, responding to data breaches and complying with federal and state laws and regulations. (Identity force is the #1 provider of identity theft solutions to the federal government.)

Putting affordable solutions in place is far better that dealing with the financial and reputational damages that can cripple organizations that are unprepared.

Derek Beckwith

View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.