NYPD loses fingerprint database due to malware infection

According to digital forensics specialists, a company that provides IT services to the New York Police Department (NYPD) accidentally took the department's fingerprint database offline for hours, all due to the use of a minicomputer infected with a malware variant.

Last year, one of this company's employees was installing a digital screen at the police academy in Queens, using the infected minicomputer. After the device was connected to the academy network, the malware spread to 23 other computers, all connected to NYPD's fingerprint tracking system, powered by LiveScan technology.

Jessica Tisch of the New York City Department of Information Technology mentioned that within just a few hours NYPD detected the incident and determined that it was a malware intrusion.

Subsequently, New York Police digital forensics experts reported the incident to federal cybersecurity and counterterrorism agencies, following a protection protocol that is in place against any activity that could compromise the IT infrastructure of police agencies in the US.

As for the malware that infected NYPD computers, Tisch mentioned that it was a ransomware variant that could not be activated, so the files stored on the compromised computers were not encrypted. As a precautionary measure, the NYPD IT team decided to shut down their fingerprint systems.

In addition to the temporary closure of this system, the software of at least 200 New York Police machines was updated: “We are taking all possible precautions,” Tisch said. The system shutdown lasted almost a full day.

An NYPD spokesman, for his part, mentioned that less than 0.1% of the department's computers were affected during this incident. NYPD did not disclose the name of the person involved, mentioning only that he was questioned about his actions, although he will not face criminal proceedings for now.

Digital forensics experts believe that such incidents should be thoroughly investigated, as exposing sensitive information could lead to thousands of users receiving phishing emails or even falling victim to much more dangerous activities, such as identity theft. NYPD's fingerprint system appears to be linked to around seven million files, so unauthorized access to this information could put many people at risk.

According to digital forensics specialists of the International Institute of Cyber Security (IICS), reports of hackers accessing databases managed by public entities have emerged this year, so it is not unfounded to think that some threat actor has gained access to NYPD information during this incident.