The Oregon Zoo has warned that the payment card information of 117,815 customers may have been compromised by cybercriminals.
In an August 16 customer notice, the company announced that an unauthorized actor had redirected customers’ transactions from a third-party vendor that processed online ticket purchases.
This potentially allowed attackers to obtain payment card information used for transactions on the website from December 20, 2023, to June 26, 2024.
Read now: American Express warns against disclosure of credit card data through third-party data protection
Potentially compromised customer payment information includes names, payment card numbers, CVV, and expiration dates.
No social security numbers were affected by the attack.
On June 26, the Oregon Zoo first became aware of suspicious activity on its online ticketing service, which led to the site being shut down and an investigation being launched.
The Federal Police were informed of the incident and the relevant state regulatory authorities were notified in writing.
Zoo customers are exposed to a high risk of fraud
The Oregon Zoo urged potentially affected customers to regularly check their bank statements and monitor free credit reports to identify possible cases of identity theft and fraud.
All suspicious charges should be reported to the bank that issued the payment card. Additionally, contact the Federal Trade Commission, your state’s attorney general, and law enforcement to report attempted or actual identity theft and fraud.
The Zoo offers these customers free access to credit monitoring services for one year.
Read now: New head of PCI SSC outlines further development of payment security in the course of the standard update
Ray Kelly, a fellow at the Synopsys Software Integrity Group, commented on the story, saying it was “alarming” that the diverted payments went unnoticed for six months before the breach was discovered.
“If your website accepts payments or collects user data in any form, you are simply a potential target. Maintaining a strong and proactive cybersecurity posture is critical for any business to combat these threats and protect its users,” Kelly noted.
The Oregon Zoo added that it is reviewing its existing safety policies and procedures to reduce the likelihood of similar events in the future. The organization has also decommissioned its previous online ticketing website and created a new secure website for online ticket purchasing.
Photo credit: ARTYOORAN / Shutterstock.com
