BreachExchange mailing list archives
LA Gay and Lesbian Center Compromised by Cyberthieves
From: "Dan O'Donnell" <dano () well com>
Date: Wed, 11 Dec 2013 10:35:29 -0800
http://gaytoday.com/index.php/2013/12/10/l-a-gay-lesbian-center-information-systems-compromised-by-cyberthieves/ L.A. Gay & Lesbian Center Information Systems Compromised by Cyberthieves BY GAY TODAY – DECEMBER 10, 2013 The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyber attack that, according to data security and technology experts, was designed to collect credit card, Social Security numbers and other financial information, although there is no evidence that anyone’s information was actually accessed or acquired. The Center is working with law enforcement officials to identify those responsible for this criminal act at the same time it is notifying approximately 59,000 clients and former clients, in English and Spanish, that information related to them may have been compromised between September 17, 2013 and November 8, 2013. The information potentially exposed may have included name, contact information, credit card information, medical or health care information, Social Security number, date of birth, and health insurance account number. The Center began notifying potentially affected individuals out of an abundance of caution on December 2, 2013. Potentially affected people will be notified within a week and receive a toll-free number to call with any questions. Additional information will be available on the home page of the Center’s website: lagaycenter.org. For all those who are potentially impacted, the Center has engaged Experian, one of the leading providers of credit monitoring, to provide one free year of its ProtectMyID Alert product. “The Center takes the privacy of our clients very seriously,” said Center CEO Lorri L. Jean. “After learning of this attack, we took immediate steps to further safeguard the information currently on our servers and, though no organization can ever be assured that its data is 100 percent protected, we are working with data security and technology experts to guard against future attacks.” Immediately after an employee on the Center’s information technology team became suspicious that sophisticated malware may have evaded the Center’s security measures, the organization retained the services of data security and technology consultants. They determined that this type of attack is designed to acquire Social Security numbers, credit card information and other financial data and confirmed on November 22, 2013 that the security of certain client data may have been compromised. By December 3, 2013 they had confirmed that additional client data may have been compromised. About the L.A. Gay & Lesbian Center For more than 40 years, the L.A. Gay & Lesbian Center has been building the health, advocating for the rights and enriching the lives of LGBT people. We serve more LGBT people than any other organization in the world with services ranging from LGBT specialty care to cultural arts programs; from housing homeless youth to hosting life-enriching programs for seniors. Learn more at lagaycenter.org. SOURCE L.A. Gay & Lesbian Center _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- LA Gay and Lesbian Center Compromised by Cyberthieves Dan O'Donnell (Dec 16)