Data breaches are happening on a regular basis as cybercriminals have been developing new techniques to infiltrate systems. A lot of incidents have been occurring, but the exposed data is deemed minor. However, with See Tickets’ breach, threat actors were finally capable of harvesting credit card information.
The ticketing service provider responsible for events, theatre, as well as concerts, has disclosed the breach a couple of days ago. This time around, cybercriminals were able to get their hands on inputted payment card details from customers.
The breach is huge considering what’s at stake. How did the threat actors do it? What does this mean to the affected victims? Make sure you give this guide a quick read.
A New Breach – Tickets to Credit Card Theft
Big companies all over the world are on edge as a lot of breaches have been occurring lately. Be it online retail stores such as MyDeal or the biggest provider in Australia “Optus,” threat actors are choosing wisely.
Such incidents can generate revenue, to an extent at least. However, when credit card information is involved, selling the information won’t be necessary anymore.
See Tickets disclosed the data breach and stated that cybercriminals managed to use a skimmer on its website to steal payment card details.
In case it’s not common knowledge, Skimmers reflect snippets of JavaScript code that individuals can inject within checkout pages. Once in place, they can harvest inputted information from customers, including payment data.
In See Tickets’ case, the threat actors were able to harvest the data of people who bought a ticket to a live entertainment event.
In an official statement, See Tickets shared that the actual breach occurred in 2021, but apparently, the aftermath didn’t see the light until now. Well, at least the malicious code has been removed.
The investigation kicked off once the breach was discovered. See Tickets sought the help of forensic experts and American Express, Visa, MasterCard, and Discover to investigate the incident further.
As a result, the company was able to determine that unauthorized parties may have accessed the following customer information:
- Full names
- Physical address
- ZIP code
- Payment card number
- Card expiration date
- CVV number
This is a lot of crucial information to expose, but at least Social Security Numbers, state identification numbers, and bank account information was not accessed. That’s mainly due to the fact that they’re not stored in See Tickets’ systems.
It Goes Way Beyond Credit Card Theft
While credit card theft should be the main concern here, cybercriminals can do so much more with the harvested data.
Aside from disclosing the breach, the company is advising you to stay vigilant when it comes to phishing emails.
Not only that, but you should also keep a keen eye on your credit card statements for any suspicious activities.
We don’t know how many customers were affected by the breach – let’s hope the skimmers were not injected on all of See Tickets’ five domains.
