The Harvard-Westlake Parents’ Association Party Book fundraising website experienced a security breach last week, compromising bidders’ credit card information, President Rick Commons notified parents and faculty in an email March 5.
Commons emphasized that the breach was limited to those who had used credit cards on the auction website and would not affect the school database, website, or credit card processing.
“We outsource Party Book and the auction to a company called Click Source who works with Curtis, Harvard-Westlake, Brentwood and numerous independent schools in the Los Angeles area,” Party Book co-chair Sahaja Douglass said (Liam ’18). “And it’s not hugely sophisticated; [the owner’s] an incredibly lovely man and he offers a great service but it’s not like he’s Amazon. He didn’t have really good encryption or firewalls.”
Douglass said the administration was still looking into the attack’s specific source.
“Harvard-Westlake’s IT [Information Technology] is investigating the scope of it, but they’re not sure whether it was [the Click Source] website that was compromised or… it is possible that somebody on a PC was hacked or had a virus and somehow that virus sent them their credit card number, sort of like what happened to Neiman Marcus and Target,” Douglass said.
The school will provide a full year of credit monitoring and identity-theft protection to families who have been affected by the breach, Commons said in a second email Friday evening. He also recommended that people who have used the website take “risk-mitigation steps,” including checking their credit card statement and changing usernames and passwords.
“I am very grateful for the broad support and understanding of the Harvard-Westlake community as we work through the Party Book/Auction breach, and I am truly sorry for the trouble and inconvenience it has caused,” he said.
In addition to the community-wide email, Commons informed parents who were attending the drug and alcohol presentation Wednesday evening of the breach.
“Rick Commons I think handled it very well,” Executive Vice President of the Parents’ Association Bea Torrado-Ridgley (Jacqueline ’14, Anthony ’15), whose credit card information was stolen, said. “It was very generous of the school to [offer credit monitoring] and ultimately they’re taking responsibility, so I admire what they’re doing and they were right on top of it.”
The Party Book website has been disabled, but tickets for events can still be obtained by contacting Party Book Co-Chairs Jackie Klein (Jacob ’16) and Douglass.