San Diego-based Agent of Change notifying students that personal and sensitive information accessed by hackers

We End Violence LLC is notifying an unspecified number of students that their personal information may be in the hands of hackers after the Agent of Change web site was accessed by unauthorized individual(s). The compromised personal information includes gender identity, ethnicity, relationship status, sexual identity, and other personally identifiable information. Here is their notice:

September 4, 2015

San Diego – The Agent of Change website is providing notice to website users about a recent incident that may affect the security of certain personal information.

What Happened?  On August 24, 2015 we discovered a potential intrusion into our website server. We quickly moved to investigate this issue. In an abundance of caution, we took down the Agent of Change website on August 26, 2015. Third-party computer forensics experts were retained to assist with an investigation into the nature and scope of any intrusion. While the investigation is ongoing, it has been determined that there was unauthorized access to certain personal information relating to Agent of Change website users, including the user’s name, student ID number, email address (both the one provided by the school and any email provided by the user upon registering), the user’s Agent of Change username, the user’s Agent of Change password, gender identity, race, ethnicity, age, relationship status, sexual identity and the name of the user’s college or university.

What We Are Doing.  In addition to taking down the Agent of Change website and working with third-party computer forensics, we have been working with our web developers to restore the site in a secure manner. We have also notified all of our affected clients about this incident and the steps we have taken since discovering this incident.

What You Can Do.  While we do not have any evidence that the information related to the users of the Agent of Change website has been misused, there are several steps users can take to protect themselves. We will require that users change the passwords associated with their Agent of Change account. We strongly encourage users to change their passwords for other accounts if their Agent of Change password is used elsewhere. Best practices for creating secure passwords include the following:

  • Passwords should be complex and include the following:
    • Password must be 8-15 characters long
    • Password must contain at least 1 uppercase letter
    • Password must contained at least 1 lowercase letter
    • Password must include 1 special character (Examples: [email protected]#$%^&*()_-+={[}]|\:;\”‘<,>.?/~`)
  • Passwords should be changed on a frequent schedule and individuals should have different passwords for each site that they visit.
  • Review challenge question answers to see if they are on social media sites. Please be careful when selecting questions and answers as unauthorized users will mine data to try and guess answers to challenge questions.

We also want to advise users to be on the look out for potential phishing emails. Phishing emails are typically attempting to steal personal information through legitimate-looking email messages from legitimate-looking email addresses. If you have received a suspected phishing email, please consider the following:

  • Before clicking on a link, mouse over it to view the link address and ask yourself if it seems legitimate.
  • Do not open or follow unsolicited/unexpected attachments or email links.
  • If there is even a shred of doubt, forgo clicking on the link or attachment until you confirm that the link or attachment is legitimate.
  • Do not provide a user ID or password in email, do not reply to emails asking you to send any personal information, and do not respond to emails that require you to enter personal or financial information directly into the email.

Additional steps users can take to protect themselves are included below.

The security of the personal information in our care is one of our highest priorities. We sorry for the inconvenience this incident has caused our users. If users have questions about the about the incident, they can call (877) 218-2930, 6 a.m. to 4 p.m. PST, Monday through Friday. Please use reference number 6751090215 when calling.

The additional steps can be found on their notification web site.

About the author: Dissent

Comments are closed.