mailing list archives
LA Gay and Lesbian Center Compromised by Cyberthieves
From: "Dan O'Donnell" <dano () well com>
Date: Wed, 11 Dec 2013 10:35:29 -0800
L.A. Gay & Lesbian Center Information Systems Compromised by Cyberthieves
BY GAY TODAY – DECEMBER 10, 2013
The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyber attack that, according to data security
and technology experts, was designed to collect credit card, Social Security numbers and other financial information,
although there is no evidence that anyone’s information was actually accessed or acquired.
The Center is working with law enforcement officials to identify those responsible for this criminal act at the same
time it is notifying approximately 59,000 clients and former clients, in English and Spanish, that information related
to them may have been compromised between September 17, 2013 and November 8, 2013. The information potentially exposed
may have included name, contact information, credit card information, medical or health care information, Social
Security number, date of birth, and health insurance account number.
The Center began notifying potentially affected individuals out of an abundance of caution on December 2, 2013.
Potentially affected people will be notified within a week and receive a toll-free number to call with any questions.
Additional information will be available on the home page of the Center’s website: lagaycenter.org.
For all those who are potentially impacted, the Center has engaged Experian, one of the leading providers of credit
monitoring, to provide one free year of its ProtectMyID Alert product.
“The Center takes the privacy of our clients very seriously,” said Center CEO Lorri L. Jean. “After learning of this
attack, we took immediate steps to further safeguard the information currently on our servers and, though no
organization can ever be assured that its data is 100 percent protected, we are working with data security and
technology experts to guard against future attacks.”
Immediately after an employee on the Center’s information technology team became suspicious that sophisticated malware
may have evaded the Center’s security measures, the organization retained the services of data security and technology
consultants. They determined that this type of attack is designed to acquire Social Security numbers, credit card
information and other financial data and confirmed on November 22, 2013 that the security of certain client data may
have been compromised. By December 3, 2013 they had confirmed that additional client data may have been compromised.
About the L.A. Gay & Lesbian Center For more than 40 years, the L.A. Gay & Lesbian Center has been building the health,
advocating for the rights and enriching the lives of LGBT people. We serve more LGBT people than any other organization
in the world with services ranging from LGBT specialty care to cultural arts programs; from housing homeless youth to
hosting life-enriching programs for seniors. Learn more at lagaycenter.org.
SOURCE L.A. Gay & Lesbian Center
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
- LA Gay and Lesbian Center Compromised by Cyberthieves Dan O'Donnell (Dec 16)