In June 2023, New Haven’s city and Board of Education suffered a significant business email compromise attack. Hackers accessed municipal email accounts between June 1 and June 18 nhregister.com+3govtech.com+3itpro.com+3govtech.com+5newhavenct.gov+5nbcconnecticut.com+5.
As a result, personal details for 404 individuals—including current city employees, retirees, vendors, and others—may have been exposed. The compromised data spanned:
- Names and dates of birth
- Social Security and driver’s license numbers
- Financial account and individual tax ID numbers
- Health insurance and medical information itpro.com+5newhavenct.gov+5nhregister.com+5
Following an internal forensic audit, the city began mailing notification letters on June 25, 2024. So far, letters have reached 334 individuals with known contact information, while 70 others are being notified via a website notice and toll‑free phone line newhavenct.gov+1nhregister.com+1.
No reports of resulting fraud or identity theft have emerged, but the city is offering a complimentary one‑year membership to identity protection and credit monitoring services to affected individuals ctmirror.org+9nbcconnecticut.com+9newhavenct.gov+9.
Here’s what New Haven has done post‑incident:
- Recovered nearly $5.1 million of the approximately $5.9 million stolen in the related fraud incident govtech.com+7ctpost.com+7nhregister.com+7
- Hired a new chief technology officer, onboarded external cybersecurity auditors, and strengthened IT and financial controls nhregister.com