A Different Kind of ‘Pay cut:’ When Student/Employee Data is Compromised

On Friday, reports surfaced that the data of thousands of NYCDOE students and employees was compromised, after a breach that also affected several companies and governmental agencies. In some cases, the information hacked included sensitive identifiers like social security numbers. We don’t know who was affected yet or even the specific date when we will.

UFT headquarters was slow to communicate with members about the issue, but finally sent out an email on Sunday night. (CSA had done so by Friday). In that email, we learned that: “The DOE is in the process of determining precisely which staff and students were affected and which confidential information was compromised in each instance. The DOE plans to notify affected staff and caregivers and offer them access to an identity-monitoring service. In the meantime, all of us should be extra vigilant and be on the lookout for any unusual online activity or communications.” We also learned that “The union will continue to closely monitor the situation to ensure the DOE and the city expeditiously take the appropriate steps to protect us and the families we serve. We are advocating that the DOE provide credit fraud protection to any UFT member whose confidential information was compromised in this breach.”

It’s indicative that the response is vague. UFT appears to be advocating for the DOE to do what it already planned to do, which is to offer access to an “identity-monitoring service,” unless they distinguish that from “credit fraud protection.” There’s also no information about how much protection UFT members might be afforded, and how much they themselves might be on the hook for if their identity is stolen and unauthorized accounts or major purchases are made. There’s also precious little information about how long this unspecified protection would be given to UFT members. When a similar situation occurred to postal workers in 2014, for instance, employees were only offered a single year of protection. If cybercriminals wait 366 days before using the compromised data of UFT members to cause financial or other harm, will we be on our own?

In the age of big data, where employer-stored data that could be used to destroy the lives of members is at a hacker’s finger tips, our union needs to be proactive. Our new would-be contract ups the amount that the Board can reimburse teachers for damaged personal property from $100 to $500. That’s an improvement, but the data breach and our union’s delayed and lackluster response exposes that the bigger risk to members’ finances may be our cyber-vulnerability.

Vague and reactive procedures aren’t enough. The UFT must ensure that no member is at risk of employer-caused identity theft and the catastrophic financial consequences that this act can engender. Period.

5 Comments

  • Avatar
    Howie Siegel

    The UFT is going to monitor the situation? That’s a laugh. The NYC administration has run roughshod over the UFT for years. The alternative theory of course is that the Union has colluded with NYC government. Either way, the UFT can monitor until the cows come home. They are a toothless tiger. Any resolution to this situation will not come from anything they do.

    • BaconUFT
      BaconUFT

      Agreed. Especially after the PupilPath disaster, we should have been being proactive about potential data breaches. Now we potentially have social security numbers ready to be sold on the dark web. This reactive and minimalistic response that seems to echo whatever the City is already doing is unacceptable.

  • Avatar
    Johnny Change

    Hi, Mr. Banks just sent out a new calendar with 3 more days off; March 29–April 1, Friday–Monday Easter Weekend, schools closed; April 22–30 Monday–Tuesday
    Spring Recess, schools closed. Do we report on Sep 5th or Sep 7th? It says the first school day is Sep 7th. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *