Applicants to New York City’s affordable housing lottery program may be victims of a data breach, a CBS News New York investigation revealed.
A recent investigation revealed that personal information from hundreds of thousands of applications—some going back years—was publicly accessible online. The exposed data included salaries, home addresses, phone numbers, and, in certain instances, Social Security numbers.
Applicants’ Personal Information Surfaced in Search Results
Imagine typing your name into a search engine and seeing your apartment application—along with all the private details you shared with a landlord—among the top search results.
That’s exactly what happened to some applicants in New York City’s affordable housing lottery program. Their applications were just a few among hundreds of thousands that were found online, fully accessible to the public.
CBS News New York Investigates received a tip via email, alerting them that a website used to internally organize apartment applications for the city’s Housing Connect lottery was showing up in search results. The site often ranked high on Microsoft Bing, Yahoo, and DuckDuckGo when someone searched for an applicant’s name.
Those results linked to other pages containing vast lists of names, phone numbers, incomes—and in some cases—even Social Security numbers.
“Is that why I’ve been getting so many scam calls?” one applicant asked.
“Of course it worries me, because it’s not only my information, it’s my family’s information,” said another.
Company Says It Has Removed Applicants’ Information
The platform displaying applicants’ personal data is operated by Reside New York, a company authorized by the city to process tenant applications for private building developers participating in the program. The city designates Reside New York and similar firms as “Qualified Marketing Agents.”