Federation notifies community of security breach

The Jewish Federation of Greater Pittsburgh announced on Friday that it experienced unauthorized access to its network in November.

“We take the security of the personal information entrusted to us very seriously, and moved immediately to secure our network,” said Jeff Finkelstein, the Federation’s CEO and president, in a prepared statement. “We engaged experienced cybersecurity professionals and reported the incident to law enforcement. We are now going through the process of notifying those individuals whose information may have been affected.”

Notifications by mail went out to those potentially affected beginning on Sept. 19. Notices also were to be delivered via email to those without physical addresses on record, and by newspaper advertisements.

Get The Jewish Chronicle Weekly Edition by email and never miss our top stories Free Sign Up

“We continue to take significant measures to protect information and to prevent an incident like this from happening again,” Finkelstein said. “Let me emphasize: the Federation’s financial accounts require multiple levels of authentication and were not at risk of unauthorized access at any time.”

Federation officials said there is no evidence directly linking the incident “to specific incidents of financial fraud or identity theft.”

After learning of the data breach, the Federation took additional steps to enhance the security of its network, “commenced a thorough investigation assisted by external cybersecurity professionals, and reported the incident to law enforcement,” according to a notice on the Federation’s website. “Following the completion of the investigation, it was determined that some of the Federation’s files may have been accessed or removed by the unauthorized individual(s) between November 5, 2024, and November 12, 2024,” and the Federation then conducted a thorough manual review of the impacted data.

On Aug, 20, 2025, the Federation determined that “the potentially impacted files may contain personal information of certain individuals,” that may include: “name, Social Security number and/or tax identification number, driver’s license or government issued identification number, date of birth, online account access credentials, financial information, health insurance information and/or limited medical information.”

The Federation encourages those impacted “to take actions to help protect their personal information, including placing a fraud alert and/or security freeze on their credit files, and/or obtaining a free credit report,” the notice on the website states. “Additionally, individuals should always remain vigilant in reviewing their financial account statements, explanation of benefits statements and credit reports for fraudulent or irregular activity on a regular basis and report any suspicious activity to the proper authorities.”

The Federation is providing complimentary credit monitoring and identity theft protection services for those whose Social Security number may have been impacted.

For further questions about this incident, or to determine if affected, individuals may contact the dedicated response line at 1-833-844-7059 (toll free), available Monday through Friday, from 8 a.m. to 8 p.m., excluding holidays. More information can be found here. PJC
—