Photo: GOCMEN / iStock / Getty Images
A data breach in 2024 exposed the personal information of over 1,600 Ulster County government employees and retirees. The breach involved the Alera Group, a consultant managing the county's employee benefits. County Executive Jen Metzger criticized the delayed notification, calling it "inexcusable." The breach occurred between July 19 and August 4, 2024, but the full extent was only confirmed in April 2025.
The compromised data potentially includes sensitive information such as names, Social Security numbers, and medical records. Alera Group has since sent letters to affected individuals and is offering 24 months of complimentary credit monitoring. Metzger expressed dissatisfaction with Alera Group's response, stating, "Immediate action should have been taken by the Alera Group to enroll employees in credit monitoring at the point of the data breach." She is considering legal action and has notified the New York State Attorney General.
County Comptroller March Gallagher is reviewing how the breach was handled. Gallagher noted that employees received numerous notifications, highlighting that Alera Group works with various entities not contracted with Ulster County, potentially increasing data exposure risks. Metzger assured employees of ongoing updates and encouraged enrollment in the credit monitoring program.
Mid Hudson News and Daily Freeman reported that Alera Group has implemented additional cybersecurity measures and completed a comprehensive investigation with third-party specialists.