The Los Angeles LGBT Center, the world’s largest non-profit organization providing services to the LGBTQ+ community, has allegedly fallen victim to a significant data breach. A threat actor has claimed responsibility for the attack, posting on a dark web forum that they have exfiltrated the organization’s database and made it available for download. The Los Angeles LGBT Center is a vital institution, offering a wide array of services including health, social services, housing, and advocacy for lesbian, gay, bisexual, and transgender people. The breach could have serious implications for the privacy and safety of the individuals it serves.
The perpetrator of the cyberattack alleges that they gained access to the Center’s systems by using a reused credential that was leaked in a previous incident. According to the post, the login details were used to access a backend remote access page. The actor claims to have downloaded the database within 30 minutes, before their access was discovered and revoked. A screenshot was also shared as alleged proof of the unauthorized access.
The leaked data, presented in an SQL file, appears to contain a wide range of sensitive personal information. An initial analysis of the file suggests that the following data may have been compromised:
- Email addresses
- Full Names
- Physical Addresses
- Internal IDs
- Hashed passwords
- LinkedIn profile URLs and other miscellaneous data
The exposure of such information places affected individuals at risk of phishing attacks, identity theft, and other malicious activities.
