LOPSA CRM Breach Disclosure

08 Sep 2022 9:15 PM | Drew Adams (Administrator)

This post is quoted from the original published here

On Sep. 1st the LOPSA Board was notified that on Aug. 26th an administrator's account was used to gain unauthorized access to our member management system. As soon as the vendor detected the suspicious activity, they deactivated the compromised credentials, therefore stopping further access. The credentials were used to initiate a phishing attack, sending approximately 13,000 emails posing as Netflix to non-LOPSA member recipients. At this time we believe this to be the extent of the malicious activity, and we are working with our vendor to determine the full scope. With the credentials compromised it's possible that the attacker had access to all information on each member's profile including:

  •  Name
  •  Address
  •  Phone Number
  •  Email
  •  Job Title
  •  Membership Renewal/Status History
  •  T-shirt Size

The attacker did not have access to password hashes or payment information.

We are currently working with the vendor to understand if any of our members' information was accessed and/or exported in any way.

Going forward we are looking into options to tighten security. We apologize for the inconvenience this will cause.

If you have any questions, please reach out at board@lopsa.org

 - Your LOPSA Board

The League of Professional System Administrators
1200 Route 22 East, Suite 200
Bridgewater, NJ, 08807
Email: info@lopsa.org
