This was originally posted on June 1, 2022.

In response to inquiries we have received regarding the agency’s May 27, 2022 State Technology Law § 208 notice, please be advised that the file that the New York State Office of Information Technology Services (“NYS OITS”) – which manages JCOPE’s web applications and databases – believes was improperly accessed did not contain any information other than old passwords and user names for an outdated application, JCOPE’s legacy Financial Disclosure System, which was replaced in 2015 and no longer exists.

Although the password requirements for the current FDS system, which is accessed through New York government (“NY.gov”) accounts, are much more rigorous than those that were in effect 2015 and earlier, and all passwords must be changed annually – i.e., FDS filers have been required to use more complex passwords and to make multiple password changes over the intervening years – as yet another precaution, NY.gov accounts that matched against the obsolete FDS accounts were promptly flagged for a forced password reset on next login.

Finally, an extensive, in-depth, and lengthy forensic analysis by NYS OITS confirms that there is no evidence that JCOPE’s current system for the filing of Financial Disclosure Statements – which, by law, are available to the public – was improperly accessed at any time.