By: Jared Evan

The New York City Fire Department is seeking to protect its members from being targeted online. The department recently put out a call in the City Record for consultant services “for the development and implementation of protective strategies to address the cyber threat of doxxing and to provide resiliency for the security of personal information.”

Doxxing is defined as the publishing of personal information on the internet with the intent to bully, harass or threaten others. The sick practice has become increasingly prevalent online. A radical pro-choice group recently doxxed six Supreme Court justices to spur protesters into showing up outside their homes to oppose overturning Roe v. Wade, the landmark ruling legalizing abortion.

An FDNY spokesman told The New York Post, “the move to increase cybersecurity wasn’t triggered by a doxxing incident involving one of the city’s Bravest. But the department has enormous databases with the personal information of its 15,000 emergency responders and other workers — as well as retirees and patients it treats responding to 911 calls — that could be vulnerable to cyberattacks. The search for the consultant is “part of the FDNY’s ongoing cybersecurity preparedness measures to protect the department’s data,” spokesman Frank Dwyer said. “The service should provide real time threat mitigation and recovery capabilities in the event of access to and misappropriation of personally identifiable data during the course of official duties as a member of the FDNY,” reads the note from the department.

“It’s an attempt to protect those who protect others. But it’s shocking that the department doesn’t already have such a plan in place,” said Oren Barzilay, president of Local 2807 representing FDNY/EMS emergency medical technicians, paramedics and fire inspectors. “It’s very alarming. Hacking or doxxing can happen to anyone. It could put any of us in harm’s way.” He also noted the danger of patients’ medical records being exposed. FDNY/EMS responds to 1.5 million 911 emergency calls a year and has millions of patients’ medical records in the department’s data system.

Researchers in a 2017 NYU study identified and analyzed more than 5,500 files associated with doxing and reported that: More than 90% of the doxed files included the victim’s address, 61% included a phone number, and 53% included an email address and 40% of victims’ online user names were made public, and the same percentage revealed a victim’s IP address.

While less common, sensitive information such as credit card numbers (4.3%), Social Security numbers (2.6%), or other financial information (8.8%) was also revealed.

32% of doxing victims closed or changed the privacy settings on their Instagram account and 25% adjusted the settings on a Facebook account after an attack.

10% of doxing victims altered their Instagram account and 3% changed their settings on Facebook once anti-abuse measures were in place the study explained.