The NYPD’s high-tech fingerprint database was temporarily brought down by a bumbling contractor with a virus-infected mini computer, The Post has learned.
A contractor was setting up a digital display at the police academy in Queens on Oct. 5, 2018, when he plugged in a tainted NUC mini-PC — and it transmitted an unidentified virus to 23 machines linked to the department’s LiveScan fingerprint-tracking system, the NYPD confirmed.
Cops realized within hours that there had been a breach, according to Deputy Commissioner for Information Technology Jessica Tisch, who said the department’s cyber command and the Joint Terrorism Task Force were notified of the contamination.
“We wanted to get to the bottom of this,” Tisch said. “Was this plugged in maliciously was really important for us to get to the bottom of this.”
The virus — generally referred to as “ransomware” because it locks users out of infected computers until they pay a ransom — “never executed,” but the NYPD shut down LiveScan that night and reinstalled software on 200 computers citywide out of an abundance of caution, she said.
“By Saturday early morning — I remember it was still dark out — we were bringing the system online,” Tisch said.
The vendor, who was not identified, was questioned but not charged with wrongdoing. A department spokeswoman said the breach impacted .1 % of the department’s computers.
While the NYPD dodged a bullet in this case, experts say breaches in public databases are a serious security issue and a growing concern.
“There’s always a concern that, if there’s a breach, that information would be stolen,” said Adam Scott Wandt, a professor of cyber security at John Jay College of Criminal Justice in Manhattan. “Hackers might be able to find out what type of open cases are out there.”
“It’s a fairly complex world that we live in,” he added. “Everything is linked together. Government normally does a fairly good job of keeping hackers out, but every now and then there is a breach.”
The NYPD database is tied to the Statewide Automated Fingerprint Identification System, which contains about 7 million files, according to the state Division of Criminal Justice Services.
Until this month, the NYPD also maintained an illegal database of juvenile fingerprints that it was required to expunge years ago.
“If there was a breach prior to the expunging, then, yes, people would obviously be able to get access to that,” Wandt said of the illicit youth prints. “However, I think that the NYPD is not unique, that these are the same worries if there was a breach in any criminal justice database.”
In January, hackers broke into the Oklahoma Department of Securities database, leaving millions of government files unprotected, including records pertaining to FBI investigations dating to 1986.
In May, US Customs and Border Protection acknowledged that photos and license plates of travelers were compromised due to a breach of a subcontractor’s network.