Global ticketing company See Tickets recently revealed that it fell victim to a data breach which spanned for over two years.
Data breaches can have a variety of causes, ranging from sophisticated attacks against a company’s infrastructure to simple employee negligence. In the case of See Tickets, though, the form of attack used is not common whatsoever.
In June 2019, attackers compromised the See Tickets website and embedded specially crafted code in the checkout function in order to steal payment information for sales. The problem with this incident, however, is the fact that it took the company so long to discover, fix and eventually inform potential victims about the breach.
“See Tickets was alerted to activity indicating potential unauthorized access by a third party to certain event checkout pages on the See Tickets website in April 2021,” said the company in its data breach notice.
“We promptly launched an investigation with the assistance of a forensics firm and took steps to shut down the unauthorized activity. Our response efforts had multiple phases and resulted in the complete shutdown of the unauthorized activity in early January 2022,” See Tickets added.
Every user who bought tickets on the company’s website between the dates of June 25, 2019 and Jan. 8, 2022 could potentially be victims. The stolen customer data includes names, addresses, zip codes, payment card numbers, card expiration dates, and CVV numbers.
While the nature of the data breach hasn’t yet been confirmed, the released details could possibly indicate the presence of card data-stealing “skimmer” malware on See Tickets systems throughout the over 2-year period.
The company said that it contacted users who might have been impacted by the data breach and advised them to check their bank statements and be on the lookout for any suspicious transactions. Additionally, it’s a good idea to stay wary of any phishing emails that could further target potential victims. Reports suggested that over 90,000 See Ticket customers were affected in Texas alone, meaning that the total number could run up to hundreds of thousands in the US.