See Tickets, the global ticketing company owned by Vivendi Ticketing, has disclosed a data breach that has compromised customers’ credit card information for the second time in the past year. The breach was confirmed in a filing with Maine’s attorney general, indicating that the company became aware of “unusual activity” on its e-commerce websites in May. Following an investigation by an undisclosed cybersecurity firm, it was determined that hackers had inserted malicious code into several of the company’s e-commerce checkout pages.
Key Takeaway
Global ticketing company See Tickets has suffered a second data breach, compromising customers’ payment data, including credit card information. The breach occurred due to the insertion of malicious code into the company’s e-commerce checkout pages. Over 323,000 customers were impacted by the breach, raising concerns about See Tickets’ ability to safeguard customer data. This incident follows a previous breach in 2022, highlighting the company’s vulnerability to cyber threats.
This breach highlights the use of credit card skimming malware, where hackers inject malicious code into a website’s checkout pages to steal payment card details entered by customers. As a result, the hackers gained access to customer names, addresses, and payment card information used for purchases on the See Tickets website between February 28 and July 2. The compromised information includes debit or credit card numbers in combination with security codes, access codes, passwords, or PIN numbers.
Extent of the Breach
According to the notice sent to affected customers, the data breach impacted over 323,000 See Tickets customers. The breach investigation concluded on July 21, and the company claims to have promptly notified affected individuals. However, it is worth noting that it took over six weeks for the company to inform the customers, raising concerns about the promptness of their response to the breach.
This incident marks the second known breach suffered by See Tickets in recent months. In October 2022, the company revealed that hackers had gained access to customers’ payment card details through compromised event checkouts for a period of more than two years. The skimming activity began in June 2019 but went undetected until April 2021. It took See Tickets nearly a year, until January 2022, to completely remove the malware from their website. The full scope of the impact from this earlier breach is still unknown.