County officials: Social Security numbers of Suffolk employees, retirees accessed in cyberattack

Thousands of Social Security numbers of Suffolk County employees and retirees were exposed during the September cyberattack, according to county officials.
A spokesperson for the county tells News 12 that the ongoing forensic investigation into the breach revealed that around 26,000 Social Security numbers may have been accessed by hackers.
County Executive Steve Bellone said the forensic team investigating the breach discovered a county server containing employee health plan information had been compromised.
County officials had a four-hour meeting on Wednesday about this wide-scale breach of personal data. They do not believe protected health information was exposed, but said Social numbers were taken from the server.
This applies only to county employees and retirees who were enrolled with the county's medical health plan since 2013.
"This was a serious cyber incident from the beginning," said County Executive Bellone. "We don't have evidence that any Social Security numbers have been published on the dark web, but based on that we want to offer the free identity theft protection services to as wide a group as possible that could be potentially impacted."
This issue happened after it was discovered that tax refunds would be delayed and nearly 500,000 driver's license numbers were potentially stolen.
Suffolk County Comptroller John Kennedy's Social Security number could have possibly been exposed and he says he didn't hear about it until News 12 told him.
"I want to thank News 12 for contacting me," Kennedy said. "Would have been nice if the county executive or anybody with his team reached out to the chief fiscal officer for the county."
Former Suffolk County legislator DuWayne Gregory, who also discovered his Social Security number could have been accessed, agrees that there needs to be more transparency.
"I think there needs to be more protection for people who were affected," Gregory said.
On Friday, the county will begin mailing letters to the thousands of impacted individuals with information about next steps. They will provide free credit monitoring and identity theft protection services for up to 12 months.
There will also be a special legislative committee to investigate how this happened.