Attacks/Breaches
12/10/2013
03:40 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

L.A. Gay & Lesbian Center Information Systems Compromised By Cyberthieves

Attack designed to collect credit card, Social Security numbers, and other financial information

LOS ANGELES, Dec. 10, 2013 /PRNewswire-USNewswire/ -- The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyberattack that, according to data security and technology experts, was designed to collect credit card, Social Security numbers and other financial information, although there is no evidence that anyone's information was actually accessed or acquired.

The Center is working with law enforcement officials to identify those responsible for this criminal act at the same time it is notifying approximately

59,000 clients and former clients, in English and Spanish, that information related to them may have been compromised between September 17, 2013 and November 8, 2013. The information potentially exposed may have included name, contact information, credit card information, medical or health care information, Social Security number, date of birth, and health insurance account number.

The Center began notifying potentially affected individuals out of an abundance of caution on December 2, 2013. Potentially affected people will be notified within a week and receive a toll-free number to call with any questions.

Additional information will be available on the home page of the Center's

website: lagaycenter.org.

For all those who are potentially impacted, the Center has engaged Experian, one of the leading providers of credit monitoring, to provide one free year of its ProtectMyID Alert product.

"The Center takes the privacy of our clients very seriously," said Center CEO Lorri L. Jean. "After learning of this attack, we took immediate steps to further safeguard the information currently on our servers and, though no organization can ever be assured that its data is 100% protected, we are working with data security and technology experts to guard against future attacks."

Immediately after an employee on the Center's information technology team became suspicious that sophisticated malware may have evaded the Center's security measures, the organization retained the services of data security and technology consultants. They determined that this type of attack is designed to acquire Social Security numbers, credit card information and other financial data and confirmed on November 22, 2013 that the security of certain client data may have been compromised. By December 3, 2013 they had confirmed that additional client data may have been compromised.

About the L.A. Gay & Lesbian Center

For more than 40 years, the L.A. Gay & Lesbian Center has been building the health, advocating for the rights and enriching the lives of LGBT people. We serve more LGBT people than any other organization in the world with services ranging from LGBT specialty care to cultural arts programs; from housing homeless youth to hosting life-enriching programs for seniors. Learn more at lagaycenter.org.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web