Tuesday, May 18, 2021

Attorney General James Announces Agreement with Filters Fast After 2019 Data Breach

  

 New York Attorney General Letitia James today announced a $200,000 agreement with Filters Fast that resolves a 2019 data breach that compromised the personal information of approximately 320,000 consumers nationwide, including approximately 16,500 in New York state. Filters Fast — a popular online water filtration retailer — experienced a data breach in which attackers collected sensitive customer information during Filters Fast’s online checkout process. The compromised information included credit card holders’ names, billing addresses, expiration dates, and security codes. The website was compromised for close to a year — affecting purchases made on the site between July 16, 2019, and July 10, 2020. 

“New Yorkers should never have to worry that their personal information will be attacked during a routine online checkout process,” said Attorney General James. “Filters Fast fell far short of its responsibilities of protecting its customers against attacks on its online platform, and of promptly informing customers of any such attack so that they could take the necessary steps to protect their identities. Online information security has been especially critical during the COVID-19 pandemic, during which New Yorkers have increasingly relied on online retailers, such as Filters Fast, to purchase basic household goods. My office is committed to protecting consumers, which is why we will continue to use every available tool to hold companies accountable when they fail to safeguard personal information.”

On July 15, 2019, attacker(s) exploited a known vulnerability in Filters Fast’s online checkout process. The attacker(s) proceeded to collect the names, billing addresses, expiration dates, and security codes of customers who purchased products on Filters Fast’s website via credit card. On February 25, 2020, a credit card payment system management company notified Filters Fast that the online retailer’s website had been flagged as a common point of purchase for unauthorized purchases on customers’ credit cards. Such notifications are usually received by merchants who have an ongoing compromise.

Filters Fast personnel conducted an internal investigation and erroneously concluded that there was no breach. On May 13, 2020 — after additional reports of compromise — a credit card company requested that Filters Fast retain the services of a forensic investigator to formally audit its systems. After an initial report failing to identify a breach, the investigator produced a report, in late July, that discovered conclusive evidence of a breach. The investigator noted that a software patch had been issued to fix the problem three years before the company was attacked. The website was finally patched on July 10, 2020.

In total, the breach affected approximately 324,000 U.S. residents, and, more specifically, 16,618 New York residents. On August 14, 2020 — over a year after the breach occurred, and nearly six months after Filters Fast had received its first common point of purchase notification — the company began notifying affected customers whose credit card information had been accessed during the breach. With the notification, the company offered to provide affected customers with up to 12 months of identity theft protection services.

As part of today’s agreement, Filters Fast will make a series of improvements designed to protect consumer personal information from cyberattacks in the future, including:

  • Creating a comprehensive information security program that includes regular updates to keep pace with changes in technology and security threats, as well as regular reporting to the company's CEO concerning security risks;
  • Designing an incident response and data breach notification plan that encompasses preparation, detection and analysis, containment, eradication, and recovery;
  • Adopting personal information safeguards and controls — including encryption, segmentation, penetration testing, logging and monitoring, virus protection policy, custom application code change reviews, authentication policy and procedures, management of service providers, and patch management; and
  • Ensuring that third-party security assessments take place over the next five years.

Pursuant to the agreement, Filters Fast has agreed to pay the state of New York $200,000, $100,000 of which is suspended, but that will be immediately due if Filters Fast materially misstated its financial condition.

This matter was handled by Deputy Bureau Chief Clark Russell, Internet and Technology Analyst Joe Graham, and Volunteer Assistant Attorney General Anton Nemirovski — all of the Bureau of Internet and Technology, under the supervision of Bureau Chief Kim Berger. The Bureau of Internet and Technology is a part of the Division for Economic Justice, which is led by Chief Deputy Attorney General Chris D’Angelo and overseen by First Deputy Attorney General Jennifer Levy.

Comptroller Stringer Audit Uncovers Inadequate and Inconsistent Management of Brooklyn Estates

 

An audit of the operating practices of the Kings County Public Administrator’s Administration of Estates found weaknesses in the management of Brooklyn decedents’ estates

Comptroller Stringer recommended actions to the Surrogate’s Court and the Kings County Public Administrator to ensure uniform, consistent, and accountable policies and procedures for estate management

 Today, New York City Comptroller Scott M. Stringer released an audit revealing multiple deficiencies in the Kings County Public Administrator’s (KCPA’s) management of estates belonging to Brooklyn residents who pass away without a will or a surviving family member able to take charge of their estates. It is the KCPA’s responsibility to protect each decedent’s estate from waste, loss, and theft, make burial arrangements, identify and liquidate assets, pay taxes, and distribute the assets in accordance with a decree issued by the Surrogate’s Court. Comptroller Stringer’s audit found weak controls and insufficient procedures in place for searching for, collecting, retaining, and recording personal property belonging to the deceased. Comptroller Stringer’s audit also noted the existence of conflicting orders from the Surrogate’s Court that impair the KCPA’s ability to administer estates properly.

“New Yorkers must be assured that City government will responsibly manage estates of those who do not have a will or a family member able to take charge of their property after their passing,” said New York City Comptroller Scott M. Stringer. “Our audit uncovered disturbing weaknesses in the Brooklyn public administrator’s office that hurt its ability to safeguard and account for personal belongings of the deceased. Bureaucracy and conflicts cannot stand in the way of responsible management of estates and their property. We owe it to those New Yorkers we have lost and their families to be responsible stewards.”

There are five Public Administrators (PAs) within New York City, each appointed by the judge or judges of the Surrogate’s Court of their respective counties. The Office of the Kings County Public Administrator (KCPA) administers estates of Brooklyn residents who die without a will and without a family member or other person authorized to administer their estates. In Kings County, two elected Surrogate’s Court judges (Surrogates) preside over the Surrogate’s Court.

Comptroller Stringer’s audit found the following deficiencies in the Kings County Public Administrator’s management of estates of the deceased:

  • The existence of two Administrative Orders of the Kings County Surrogate’s Court that convey specific yet directly conflicting directions to the PA and Deputy PA related to estate administration and access to and control of the KCPA’s suspense account creating confusion and dissent within the KCPA related to the proper chain of command.
  • Significant weaknesses in the KCPA’s operating practices that preceded the two Administrative Orders including a lack of detailed policies and day-to-day procedures and responsibilities to govern certain aspects of its estate-administration processes.
  • Inconsistencies in the KCPA’s searches for, and its collection, inventory, and retention of, personal property belonging to decedents’ estates including some investigators not immediately logging items collected at a deceased person’s residence onto the designated forms.
  • KCPA office staff did not properly document the office’s receipt of the estates’ personal property that investigators brought back to the office for vault storage.
  • KCPA could not account for a significant quantity of estates’ personal property and its inventory record of non-liquid personal property was incomplete, inconsistent, and overwritten.
  • KCPA did not properly conduct periodic inventory counts of estates’ personal property, leading to the potential loss or misappropriation of estate property, which could go undetected.

In response to these concerning findings, Comptroller Stringer recommended the following actions:

The Kings County Surrogate’s Court should:

  • Review its Administrative Orders of May 18, 2020 and May 20, 2020 with the assistance of the Office of Court Administration to address and as far as possible resolve any contradictions that may exist between them.
  • Confer internally, with the assistance of the Office of Court Administration, to develop a framework in which the two Kings County Surrogates may jointly provide an appropriate level of Court oversight to ensure the KCPA’s accountability to the Court for the administration of estates.

The KCPA should:

  • Establish written policies and procedures that include detailed guidance to staff, consistent with the Surrogate’s Court Procedures Act and related State guidelines, for the proper performance of their assigned duties.
  • Ensure that it properly logs and maintains essential information concerning all personal property of every estate during or immediately following investigations at decedents’ residences.
  • Ensure that it consistently documents all aspects of the in-office inventory intake process on the required forms.
  • Perform and obtain appraisals of non-liquid inventory items belonging to closed estates, sell the items at auction, and ensure the proceeds of the sales are credited to the estates and remitted to the appropriate individuals in accordance with the applicable decree wherever feasible.
  • Regularly download, preserve, and periodically compare copies of video surveillance records with access log records to ensure a complete record of access to the vault.

To read Comptroller Stringer’s investigation of the Kings County Public Administrator and Surrogate’s Court, click here.

Governor Cuomo Directs Hate Crimes Task Force to Offer Assistance in Investigation into Racist Graffiti at Borough of Manhattan Community College

 

"I am appalled to hear of the incident at Borough of Manhattan Community College where a building that houses an art installation on historical racism against Black Americans was vandalized with abhorrent hate speech.


"I want to assure the students and staff that we will do everything we can to help bring the cowardly perpetrators to justice, and I am directing the New York State Police Hate Crimes Task Force to offer their assistance in the investigation of this horrific vandalism.


"This is not who we are as New Yorkers, and we will always stand united against hate in all its forms."


Southern Boulevard Residents Angry Over Loss of Parking to Bike Lane and Receiving Parking Tickets

 


Jose Leon speaks about residents living on Southern Boulevard between East 183rd Street and Fordham Road who have lost parking along the Bronx Zoo on Southern Boulevard to a protected bike lane. Signs went up without notice to area residents, and the very next day tickets were issued to residents who had parked in the new bike lane the night before. 

With tickets in their hands residents wanted to know what was going on, and what was going to be done about the tickets they received for what use to be legal parking until the DOT changed the street sign without proper notice to the community, and where are they going to park now. 


City Council candidate Ischia Bravo told the residents that the city should have provided proper notice, and that she will work with the DOT to see how the resident would not be responsible for paying the parking tickets that were given out wrongly. 

We reached out to 15th Councilman Oswald Feliz who said he was unable to make this event due to being tied up in City Council Committee meetings that he is on. He said he is aware of the situation, and that the problem was with Community Board Six for not notifying the community that the new bike lane was going to be put in. Councilman Feliz would not commit if he was in favor or not of this new DOT bike lane. There was no answer at Community Board Six.


Here is one of the tickets this resident saw on her car when she came down to go to work after parking in a legal parking space the night before.


A car is standing in the new Southern Boulevard bike lane by the Bronx Zoo where area residents have received tickets for parking in.


Signs that went up about the new Bike lane, and residents received tickets for parking in what was made a new bike lane.



A new DOT sign which says no parking from 7AM to 7PM is very confusing as to where residents can park. One resident aid "Can I park in that bike lane after 7PM, or is it the lane of traffic next to the bike lane that I can park after 7PM. In either case all cars must be removed by 7AM.


229 Days and Counting

 


What can I do to the people of the Bronx today since I don't have to care about getting re-elected? Thank you Bronx DOT Commissioner Nivardo Lopez for taking blocks of needed parking on Southern Boulevard next to the Bronx Zoo for a protected bike lane. 

Nivardo, however next time make sure that the proper notice to the community is given o we don't have to void those tickets we gave out by the Traffic Agents.



Monday, May 17, 2021

Governor Cuomo Announces the 2021 TCS New York City Marathon to Return for 50th Running on November 7

 

World Renowned Race Will Operate at 60% of Typical Participant Field
 
COVID-19 Health and Safety Guidelines in Place for Participants and Event Staff

 Governor Andrew M. Cuomo today announced that the TCS New York City Marathon will return for its 50th running this year on November 7. The race will operate at 60 percent of its usual participant field for a total of 33,000 runners. This landmark marathon is being planned with COVID-19 health guidelines which are subject to change as the public health conditions change. As of now, the race's health protocols include staggered start times, social distancing, masks, and health screenings to ensure the race operates in the safest way possible. Registration is expected to open on Tuesday, June 8.

"In 2019, the New York City marathon broke records to become the world's largest marathon ever," Governor Cuomo said. "While canceling the race was the right choice in 2020, we are excited to welcome runners back to our beautiful city. New Yorkers worked hard to flatten the curve after the COVID-19 outbreak and it is that work that allows us to bring back this iconic event for its 50th running."

As public health conditions change over the coming months, the TCS New York City Marathon will adapt and adhere to applicable protocols - such as social distancing, masks, health screening, and cleaning and disinfection, where necessary - to provide a safe and successful race.

In addition to reduced capacity, other health and safety protocols are planned to be in effect for participants, event staff, and volunteers to maximize social distancing, reduce touchpoints and contacts, promote communication, and promote health and well-being.

The current TCS New York City Marathon Health and Safety Plan reflects:

  • Staggered start times between runners based on pace, space, and release timing over several additional hours
  • Appropriate social distancing at all times, including before and after the race, except for members of the same household or family
  • Required masks at all times for event staff and volunteers. Runners will wear masks before and after the race      
  • Mandated health screening of participants, event staff, and volunteers which may include proof of full vaccination status or recent negative test result
  • Start and finish lines will be controlled access for participants, event staff, and volunteers; a limited number of spectators may be permitted at the finish line, in accordance with health and safety guidelines
  • Modified race day activities to reduce any unnecessary congregations including pre-packaged amenities, no baggage service, no public-facing awards ceremony, and limited on-site entertainment

Ted Metellus, Race Director, TCS New York City Marathon said, "This will be an unprecedented and historic year for the TCS New York City Marathon as one of the most iconic New York sporting events makes its return. As we stage a safe and memorable race for the 50th running, this year's marathon will showcase our great city's strength, inspiration, and determination."

Kerin Hempel, Interim CEO, NYRR said, "At NYRR we are looking forward to once again being part of New York City's comeback story. We can't wait to welcome the global running community to our city, and to experience the incredible energy that radiates along the streets of New York on Marathon Sunday."

Today's announcement builds on Governor Cuomo's recent measures to further reopen the economy given significant progress in vaccinations and sustained reduction in COVID-19 cases and hospitalizations. As of yesterday, 62 percent of New York's adults had received at least one vaccine dose and 52 percent had completed their vaccine series.

Additional TCS New York City Marathon details will be available here.

Governor Cuomo Updates New Yorkers on State Vaccination Program

 

70,722 Doses Administered in the Last 24 Hours

799,736 Doses Administered Over Past Seven Days

Vaccine Dashboard Updated Daily on the State's Vaccine Program Here


 Governor Andrew M. Cuomo today updated New Yorkers on the state's vaccination program. 70,722 doses have been administered across the state's vast distribution network in the last 24 hours, and 799,736 doses have been administered statewide over the past seven days.

"More New Yorkers continue to get vaccinated every single day in our state and its critical we do all we can to ensure that progress continues," Governor Cuomo said. "Creativity is key here-live events are increasing capacity for those who have been vaccinated, pop-up vaccination sites are being established at transportation hubs and we've expanded the availability of walk-in appointments. Now, New Yorkers need to take advantage of these resources, get their shot and do their part in helping rebuild and restart our great state-there is no reason not to."

All New York State mass vaccination sites are now open to eligible New Yorkers for walk-in vaccination on a first come first serve basis. The walk-in appointments are reserved for first doses only with second doses to be scheduled automatically after administration of the initial shot. In addition, all vaccine providers are encouraged to allow walk-in appointments for eligible New Yorkers. People who would prefer to schedule an appointment at a state-run mass vaccination site can do so on the Am I Eligible App or by calling 1-833-NYS-4-VAX. People may also contact their local health department, pharmacy, doctor or hospital to schedule appointments where vaccines are available, or visit vaccines.gov to find information on vaccine appointments near them.                                   

STATEWIDE BREAKDOWN

Total doses administered - 17,626,145

Total doses administered over past 24 hours - 70,722

Total doses administered over past 7 days - 799,736

Percent of New Yorkers ages 18 and older with at least one vaccine dose - 61.8%

Percent of New Yorkers ages 18 and older with completed vaccine series - 52.2%

Percent of all New Yorkers with at least one vaccine dose - 50.0%

Percent of all New Yorkers with completed vaccine series - 41.8%

Governor Cuomo Announces Lowest Statewide 7-Day Average Positivity Rate Since September 29, 42 Straight Days of Decline

 

Patient Hospitalizations Drop to 1,581 - Lowest Since November 9

7-Day Hospitalizations Drop to 1,775 - Lowest Since November 15; 46 Straight Days of Decline

ICU Patients Drop to 387 - Lowest Since November 14

228 Patients Intubated

Statewide Positivity Rate is 1.26%

11 COVID-19 Deaths in New York State Yesterday - Lowest Since October 30

 

 Governor Andrew M. Cuomo today updated New Yorkers on the state's progress during the ongoing COVID-19 pandemic.

"The people of New York have proven their strength over the last year and it's thanks to their vigilance that we are getting closer to fully reopening the state," Governor Cuomo said. "As the numbers continue to go down, we are reopening more sectors of our economy and loosening restrictions wherever we can, while still keeping health and safety a top priority. As we continue build on this positive momentum, we look forward to welcoming New Yorkers and visitors alike back to the businesses, events and landmarks that make up the fabric of the Empire State."

Today's data is summarized briefly below:

  • Test Results Reported - 101,173
  • Total Positive - 1,278
  • Percent Positive - 1.26%
  • 7-Day Average Percent Positive - 1.11%
  • Patient Hospitalization - 1,581 (-2)
  • Net Change Patient Hospitalization Past Week - -435
  • Patients Newly Admitted - 164
  • Number ICU - 387 (-5)
  • Number ICU with Intubation - 228 (+3)
  • Total Discharges - 179,950 (+161)
  • Deaths - 11
  • Total Deaths - 42,486