See Tickets is one of the world’s leading ticketing service providers that has been making headlines for becoming the victim of a data breach. The company is owned by the France-based media giant Vivendi. It disclosed news of the breach in notification letters published by numerous US states. However, the company hasn’t yet released any official statement.
Breach Overview
See Tickets is notifying customers about the exposure of its customer’s personal and financial data. The breach lasted more than two and a half years. The company informed its customers that attackers may have accessed their sensitive payment card data through a skimmer injected on the See Tickets website.
For your information, skimmers are brief JavaScript codes injected into website checkout pages primarily to steal buyers’ payment card details. In See Ticket’s case, the credit card details of people who purchased tickets through this service to a live entertainment event were accessed.
Leaked Data Details
The Montana Attorney General’s office shared a data breach notification, according to which the breach was discovered in April 2021. The company started investigating the incident in collaboration with a forensics firm immediately, revealing that the breach happened on June 25, 2019.
The investigation continued until January 8, 2022, when the company shut down unauthorized activity completely. This took around nine months since the company was initially notified.
Following this, See Tickets took eight months to determine the leaked payment card data, including the following:
- Full name
- ZIP code
- CVV number
- Payment card number
- Card expiration date
- Physical address.
The company claims that Social Security Numbers, bank account info, and state identification numbers weren’t compromised because these details weren’t stored on its systems.
See Tickets Notification
See Tickets claimed that it was notified about a “potential unauthorized access by a third party to certain event checkout pages.” Its investigation spanned several phases and worked with MasterCard, Visa, Discover, and American Express to detect affected pages and transactions. Multiple forensics firms and law enforcement agencies participated in this “wide-ranging” investigation.
“Affected information may include the data you provided when purchasing event tickets on the See Tickets website between June 25, 2019, and January 8, 2022.”
See Tickets
See Tickets have warned customers to remain cautious of possible identity theft attacks and credit card fraud.
The breach’s nature is yet unconfirmed, and there’s no clarity on whether its global site was infected or the other five domains. The number of impacted customers isn’t specified. Reportedly, 90,000 customers were impacted in Texas alone, which means tens of thousands of customers could be affected by the data breach.
This however is not the first time when a ticketing website as big as See Tickets was compromised. In June 2018, ticketing site TicketFly suffered a massive data breach after a hacker leaked customers’ data online.