Sep 18, 2025, 11:39 PM
Sep 17, 2025, 12:00 AM

Data breach exposes private information of NYC housing lottery applicants

Highlights
  • A data breach exposed private information of thousands of applicants in NYC's affordable housing lottery program.
  • The incident was linked to a system configuration error by the third-party vendor Reside New York.
  • The city is taking steps to enhance data protection and restore public trust in its housing application process.
Story

In July 2025, a significant data breach affected thousands of applicants in New York City's Housing Connect lottery program. The breach, first revealed by CBS News New York, showed that some applications appeared in search results, exposing sensitive information such as applicants' names, addresses, incomes, and in some cases, Social Security numbers. The incident raised considerable concern, prompting the chair of NYC Council's Housing Committee, Pierina Sanchez, to seek answers regarding how the information became publicly accessible and how many individuals' data were compromised.

Authorities from the New York City Department of Housing Preservation and Development (HPD) stated that the issue stemmed from a "system misconfiguration" linked to Reside New York, a third-party contractor responsible for reviewing applications for the housing lottery on behalf of private developers. Acting HPD Commissioner Ahmed Tigani emphasized that the incident was unacceptable and that the department is prioritizing data protection measures to prevent future breaches. Additionally, Reside New York confirmed they quickly took action to remove the exposed information once alerted and expressed commitment to ensuring accountability and better safeguards moving forward.

In an investigation led by CBS, it was initially reported that the portal containing applications was accessible from May 2 to July 2, 2025. Reside New York examined the portal’s traffic and determined that while it contained approximately 480,000 applications, most of them were not viewed by anyone during that time. It was noted that only a fraction of Social Security numbers, all but 52, were visible on the pages accessed publicly, along with a minimal number of birthdates. Despite these findings, the city remains committed to addressing concerns over data privacy and security for applicants.

In light of these events, Reside New York’s CEO, Martin Joseph, maintained that a third-party vendor was responsible for the exposure, emphasizing that they will undertake a thorough review of their security measures. He mentioned that precautions are being implemented to try and ensure that such breaches don't recur. The controversy highlights the vulnerabilities within online data management systems, raising questions about accountability, privacy, and the safety of sensitive applicant information in public housing initiatives. Amid growing apprehensions over the handling of personal data, the agencies involved face increasing pressure to enhance transparency and restore faith in their capabilities to protect public information.
