L.A. Gay & Lesbian Center Data Breach (2013)

The L.A. Gay & Lesbian Center recently learned that the security of certain of our information systems was compromised by a criminal cyber attack apparently designed to collect social security numbers, credit card numbers and other financial information. Between November 22, 2013 and December 3, 2013 our forensic investigators confirmed that this attack potentially exposed certain of your information to unauthorized access and acquisition. I say potentially because, to date, there is no evidence that any information was actually accessed or acquired as a result of this criminal invasion. However, the information potentially exposed may have included your name, contact information, medical or healthcare information, date of birth, credit card information, Social Security number and health insurance account number. Based upon our investigation, the period during which your information may have been exposed appears to have been between September 17, 2013 and November 8, 2013. Out of an abundance of caution, we want to make you aware of the attack and our efforts to help safeguard your information. Immediately upon learning of this criminal attack and the potential exposure of private patient information, the Center took action. Specifically, upon learning of the potential of this incident, we promptly took the following actions: (i) curtailed the intrusion; (ii) hired numerous experts, including two leading national forensic investigation firms, to help us investigate the situation and determine the individuals and information potentially affected; and (iii) began the process of notifying potentially affected individuals. In addition, we have notified law enforcement and are taking steps to further guard against this type of criminal attack in the future. As always, we recommend that you remain vigilant by reviewing your explanation of benefits for medical services and financial account statements, as well as free credit reports for unauthorized activity. From the moment we learned of the potential exposure, our primary concern has been ensuring that you are protected against risks related to this incident. Therefore, we have engaged Experian, one of the leading providers of credit monitoring products, to provide you with its ProtectMyID Alert membership, including credit monitoring, for one year at no cost to you. Enclosed with this letter is information regarding these services and instructions for enrollment, as well as an insert providing additional useful information regarding steps you can take to protect yourself against identity theft. We have also engaged Experian to provide a dedicated call center to answer questions about this incident. If you have any questions regarding this incident or would like assistance enrolling in ProtectMyID Alert, please contact the Experian call center at 888-451-6562 from 6:00 AM to 6:00 PM, Pacific Time, Monday through Friday, or 8:00 AM to 5:00 PM, Pacific Time, Saturday and Sunday.