The Harvard-Westlake Parents’ Association Party Book fundraising website experienced a security breach, compromising parents’ credit card information, President Rick Commons notified parents and faculty in an email March 5. Commons emphasized that the breach was limited to those who had used credit cards on the auction website and would not affect the school database, website, or credit card processing.
“We outsource Party Book and the auction to a company called Click Source who works with Curtis, Harvard-Westlake, Brentwood and numerous independent schools in the Los Angeles area,” Party Book co-chair Sahaja Douglass (Liam ’18) said. “And it’s not hugely sophisticated; [the owner’s] an incredibly lovely man and he offers a great service but it’s not like he’s Amazon. He didn’t have really good encryption or firewalls.”
Douglass said the administration was still looking into the attack’s specific source.
“Harvard-Westlake’s Information Technology department is investigating the scope of it, but they’re not sure whether it was [the Click Source] website that was compromised… It is possible that somebody on a PC was hacked or had a virus and somehow that virus sent them their credit card number, sort of like what happened to Neiman Marcus and Target,” Douglass said.
The school will provide a full year of credit monitoring and identity-theft protection to families who have been affected by the breach, Commons said in a second email March 7.
“I am very grateful for the broad support and understanding of the Harvard-Westlake community as we work through the Party Book/Auction breach, and I am truly sorry for the trouble and inconvenience it has caused,” he wrote.
Commons also recommended that people who have used the website take “risk-mitigation steps,” including checking their credit card statement and changing usernames and passwords.
“People have been incredibly understanding,” he said. “I haven’t had people blaming the school even though it is our responsibility.”
Commons also informed parents who were attending the drug and alcohol presentation March 5 of the breach.
“Rick Commons I think handled it very well,” Executive Vice President of the Parents’ Association Bea Torrado-Ridgley (Jacqueline ’14, Anthony ’15), whose credit card information was stolen, said. “It was very generous of the school to [offer credit monitoring] and ultimately they’re taking responsibility, so I admire what they’re doing and they were right on top of it.”
The Party Book website has been disabled, but tickets and information about events can still be obtained by contacting Party Book Co-Chairs Jackie Klein (Jacob ’16) and Douglass.