Notice to Users

In February 2021, ACLU NorCal became aware of a cybersecurity incident linked to our website, www.aclunc.org.   

A compromised user account led to malicious code being installed on our web server.  The malicious code redirected people trying to access our website to a phony page, prompting users to update their Google Chrome or Internet Explorer web browsers. 

In response, we immediately launched an investigation with the assistance of our third-party web administrator and helpdesk vendor to address the incident. We quickly eliminated the vulnerability, and we continue to maintain our security and monitor our systems.  

We have concluded our investigation and are updating people who visit our website of the findings. Below are the key points about the incident:

  1. The investigation confirmed that no credit card information was accessed.
  2. If you submitted information through one of our online forms, only general information may have been accessed. This includes IP addresses, email addresses, phone numbers, and mailing addresses. This information can generally be found in the public domain.  
  3. We do not collect Social Security numbers, driver’s license numbers, or dates of birth, therefore there was no exposure of this personal information.

Please rest assured we take seriously our responsibility to safeguard your privacy and in an abundance of caution, we are letting folks know so that they can take preventative steps to secure their systems. We also recommend you take this moment to visit our Privacy Policy and User Agreement linked in the main menu and footer of our homepage. 

Additional questions or concerns can be directed to Stephen Wilson, digital strategist for the ACLU of Northern California, at swilson@aclunc.org.