On Wednesday it was announced that following the Sept. 8 cyberattack on the Suffolk County government, the driver’s license numbers of 470,000 people who were issued moving violations in Suffolk during most of the past decade may have been exposed.  Credit: Newsday/Steve Pfost

The driver’s license numbers of 470,000 people who were issued moving violations in Suffolk during most of the past decade may have been exposed during the Sept. 8 cyberattack on county government, officials announced Wednesday.

The wide-scale breach of personal data represents potentially the most serious implication for members of the public following the hack that led to the theft of county data and shutdown of many county functions for more than two months.

In response, the county is offering a year of free credit monitoring and identity theft protection from Kroll, a Manhattan-based cybersecurity firm, to individuals potentially affected by the breach. 

Suffolk anticipates spending about $500,000 — or $21.15 for each individual who opts into the program — to cover the services, paid through the county attorney's office, officials said.

Nearly 500,000 residents affected

In an interview Wednesday, Suffolk County Executive Steve Bellone said a private-sector forensic team investigating the cyber-intrusion discovered that hackers accessed the server of the county's Traffic and Parking Violations Agency. Hackers may have accessed individuals' tickets, including their name, address and driver's license number.

"We don't know what information, or whose information, may be exposed," Bellone said. "We don't know specifically that any individual's driver's license may have been exposed."

In a news release issued the day before Thanksgiving, Suffolk announced that hackers accessed information from roughly 470,000 individuals issued moving violations by county police in the towns of Babylon, Brookhaven, Huntington, Islip and Smithtown between 2013 and Sept. 8, 2022. 

In addition, any individual who presented a driver’s license or passport at the Traffic and Parking Violations Agency in Hauppauge during that period when paying by credit card for traffic and parking violations could have had their information stolen by hackers, officials said.

Credit card payments at the TPVA office are processed by a third-party company and are not at risk, while parking tickets, red light camera tickets and school bus camera violations do not contain personal protected information, officials said.

Chris Coluccio, chief executive of TechWorks, a Ronkonkoma-based outsource information technology provider, said hackers typically combine driver's license numbers with other personal data already available online.

"They're trying to combine this information with other stolen data — Social Security numbers, email addresses, things like that — in order to impersonate people," Coluccio said. "And the more data they combine together from multiple breaches, the more that user's data is worth … They go out and sell that data on the dark web for those people who like to do identity theft crimes."

Suffolk took its website and web-based systems offline after the discovery of the cyber-intrusion and have begun slowly restoring services such as title searches and the email accounts of many employees.

The attack affected services big and small, delaying more than $140 million in county payments, knocking out police communications and forcing Suffolk to resort to paper records and in-person payments, applications and evaluations across a range of departments. Motorists who receive new moving violation tickets — with the exception of red light and bus camera tickets — can still only pay their fines by mail, officials said.

Newsday has reported that law enforcement and technology managers were alerted to suspicious computer activity in June but did not take steps to contain it.

An unidentified group took responsibility for the cyberattack in a posting on the “dark web,” an anonymized portion of the internet where criminal activity often occurs.

The group has released copies of some Suffolk documents, saying it was seeking a “small reward” for revealing vulnerabilities in the county's computer systems.

County officials have not said if the group has demanded a specific ransom to restore and return the data.

'A drop in the bucket'

The Suffolk Legislature last month announced the creation of a bipartisan panel to investigate the source of the hack. On Tuesday, lawmakers voted to grant subpoena power to the panel.

"We're going to get to the bottom of what happened and people need to be held accountable," said Kevin McCaffrey (R-Lindenhurst), presiding officer of the Suffolk Legislature, who will sit on the panel.

Suffolk said it will provide free credit monitoring and identity theft restoration services to individuals potentially impacted by the breach. A third-party provider would also reimburse individuals, up to $1 million, for expenses or legal costs stemming from any identity fraud connected to the cyberattack if the damages are substantiated.

Additional covered expenses could include costs to rectify or amend records, fraudulent withdrawals up to $10,000, application refiling fees and the loss of income, child care or elder care costs incurred while taking time to rectify cases of identity fraud.

Coluccio said one year of credit monitoring and identity theft services amounts to "a drop in the bucket" in terms of longtime protection for those who had their information exposed. Only a relatively small percentage of individuals are likely to ultimately take advantage of the program, he said.

"You're lucky if you get 100,000 people that actually go out and register for it, then monitor it and track it and use it correctly," said Coluccio, who anticipates additional batches of personal data will be released by the hackers. "You're gonna have a huge percentage of the population that aren't ever going to know that they can do something about it."

Credit monitoring and identity theft protection must be activated by Feb. 17, Suffolk officials said.

To learn more about eligibility and to activate these services, individuals can visit https://suffolkcounty.kroll.com/. The information also will be posted on the county's home page and social media accounts.

With Candice Ferrette


            WHAT TO KNOW

    • The names, addresses and driver’s license numbers of 470,000 people who were issued moving violations in Suffolk during nearly the past decade may have been exposed during the Sept. 8 cyberattack.
    • The county is offering one year of free credit monitoring and identity theft protection from Kroll, a Manhattan-based cybersecurity firm, to individuals potentially affected by the breach.
    • Experts say hackers will typically combine a driver's license number with other personal information, such as Social Security numbers, to steal an individual's identity.

    Latest videos

    Newsday LogoSUBSCRIBEUnlimited Digital AccessOnly 25¢for 5 months
    ACT NOWSALE ENDS SOON | CANCEL ANYTIME