LA Gay and Lesbian Center Compromised by Cyberthieves

["Dan O'Donnell" <dano () well com>]

http://gaytoday.com/index.php/2013/12/10/l-a-gay-lesbian-center-information-systems-compromised-by-cyberthieves/

L.A. Gay & Lesbian Center Information Systems Compromised by Cyberthieves
BY GAY TODAY – DECEMBER 10, 2013

The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyber attack that, according to data security 
and technology experts, was designed to collect credit card, Social Security numbers and other financial information, 
although there is no evidence that anyone’s information was actually accessed or acquired.

The Center is working with law enforcement officials to identify those responsible for this criminal act at the same 
time it is notifying approximately 59,000 clients and former clients, in English and Spanish, that information related 
to them may have been compromised between September 17, 2013 and November 8, 2013.  The information potentially exposed 
may have included name, contact information, credit card information, medical or health care information, Social 
Security number, date of birth, and health insurance account number.

The Center began notifying potentially affected individuals out of an abundance of caution on December 2, 2013.  
Potentially affected people will be notified within a week and receive a toll-free number to call with any questions.  
Additional information will be available on the home page of the Center’s website: lagaycenter.org.

For all those who are potentially impacted, the Center has engaged Experian, one of the leading providers of credit 
monitoring, to provide one free year of its ProtectMyID Alert product.

“The Center takes the privacy of our clients very seriously,” said Center CEO Lorri L. Jean.  “After learning of this 
attack, we took immediate steps to further safeguard the information currently on our servers and, though no 
organization can ever be assured that its data is 100 percent protected, we are working with data security and 
technology experts to guard against future attacks.”

Immediately after an employee on the Center’s information technology team became suspicious that sophisticated malware 
may have evaded the Center’s security measures, the organization retained the services of data security and technology 
consultants. They determined that this type of attack is designed to acquire Social Security numbers, credit card 
information and other financial data and confirmed on November 22, 2013 that the security of certain client data may 
have been compromised.  By December 3, 2013 they had confirmed that additional client data may have been compromised.

About the L.A. Gay & Lesbian Center For more than 40 years, the L.A. Gay & Lesbian Center has been building the health, 
advocating for the rights and enriching the lives of LGBT people. We serve more LGBT people than any other organization 
in the world with services ranging from LGBT specialty care to cultural arts programs; from housing homeless youth to 
hosting life-enriching programs for seniors. Learn more at lagaycenter.org.

SOURCE  L.A. Gay & Lesbian Center


_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.