Attacks/Breaches
12/10/2013
03:40 PM
Dark Reading
Products and Releases

L.A. Gay & Lesbian Center Information Systems Compromised By Cyberthieves

Attack designed to collect credit card, Social Security numbers, and other financial information

LOS ANGELES, Dec. 10, 2013 /PRNewswire-USNewswire/ -- The L.A. Gay & Lesbian Center was recently the victim of a sophisticated cyberattack that, according to data security and technology experts, was designed to collect credit card, Social Security numbers and other financial information, although there is no evidence that anyone's information was actually accessed or acquired.

The Center is working with law enforcement officials to identify those responsible for this criminal act at the same time it is notifying approximately 59,000 clients and former clients, in English and Spanish, that information related to them may have been compromised between September 17, 2013 and November 8, 2013. The information potentially exposed may have included name, contact information, credit card information, medical or health care information, Social Security number, date of birth, and health insurance account number.

The Center began notifying potentially affected individuals out of an abundance of caution on December 2, 2013. Potentially affected people will be notified within a week and receive a toll-free number to call with any questions.

Additional information will be available on the home page of the Center's website: lagaycenter.org.

For all those who are potentially impacted, the Center has engaged Experian, one of the leading providers of credit monitoring, to provide one free year of its ProtectMyID Alert product.

"The Center takes the privacy of our clients very seriously," said Center CEO Lorri L. Jean. "After learning of this attack, we took immediate steps to further safeguard the information currently on our servers and, though no organization can ever be assured that its data is 100% protected, we are working with data security and technology experts to guard against future attacks."

Immediately after an employee on the Center's information technology team became suspicious that sophisticated malware may have evaded the Center's security measures, the organization retained the services of data security and technology consultants. They determined that this type of attack is designed to acquire Social Security numbers, credit card information and other financial data and confirmed on November 22, 2013 that the security of certain client data may have been compromised. By December 3, 2013 they had confirmed that additional client data may have been compromised.

About the L.A. Gay & Lesbian Center

For more than 40 years, the L.A. Gay & Lesbian Center has been building the health, advocating for the rights and enriching the lives of LGBT people. We serve more LGBT people than any other organization in the world with services ranging from LGBT specialty care to cultural arts programs; from housing homeless youth to hosting life-enriching programs for seniors. Learn more at lagaycenter.org.
