New York State Fishkill Correctional Facility reports data breach

A  data breach has occurred at the Fishkill Correctional Facility in New York State, where sensitive personal information of correction officers and prison employees was inadvertently disclosed to inmates.

An Offender Rehabilitation Coordinator (ORC) provided a multi-page list containing employee names, job titles, and social security numbers to at least two inmates on November 4, 2024. The breach was not reported to the prison superintendent until November 17, 2024, thirteen days after the initial disclosure.

The facility houses nearly 2,000 inmates who could potentially access the sensitive information. Facility officials have launched an investigation and search operation to determine how many copies of the document might be in circulation. So far, three copies have been recovered - two from the initial inmates who received the information and one additional copy made by another inmate.

The facility is conducting thorough searches of inmates who have made copies of documents in the law library that match the page count of the leaked documents, as well as investigating all law library clerks.

The breach has affected hundreds of prison employees, though the exact number has not been disclosed. The New York State Department of Corrections and Community Supervision (DOCCS) has announced plans to notify all affected staff members through letters mailed to their residences.

Multiple unions representing the affected employees, including NYSCOPBA, CSEA, PEF, and Council 82, are currently consulting with their legal advisors to explore available options for their members. T