The Business Council of New York State Inc. (BCNYS) experienced a major data breach. The organization discovered that an unauthorized party gained access to internal systems from Feb. 24, 2025 to Feb. 25, 2025. An investigation was launched and it was determined the cybersecurity incident exposed personally identifiable information (PII) and protected health information (PHI).
A review was completed on Aug. 4, 2024 and the data breach affected at least 47,329 individuals. Compromised information includes full names, Social Security numbers, dates of birth, state identification numbers, financial institution names, financial account and routing numbers, payment card numbers, payment card access PINs, payment card expiration dates, taxpayer identification numbers, electronic signature information, medical provider names, medical diagnosis or condition information, prescription information, medical treatment or procedure information and health insurance information.
The data breach was disclosed to the offices of the Maine, New Hampshire and Massachusetts attorneys general beginning on Aug. 15, 2025. The Business Council of New York State published a Notice of Data Security Incident on its website and began notifying impacted individuals by mail on Aug. 15, 2025.
The breach is considered severe due to the wide range of sensitive information involved, including personal, financial and health-related data.
In addition to required state and federal disclosures, The Business Council of New York State is offering individuals with compromised Social Security numbers free IDX credit monitoring services.
If you receive a notice from BCNYS about this breach, you may want to:
More information about the organization can be found on the BCNYS website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure.