The See Tickets ticketing service provider has admitted that their company has experienced a data breach that started more than a few years ago. The ticketing provider informed its customers that a group of threat actors might have accessed their card details through a series of skimming attacks on its website.
Based on a data breach notification, See Tickets uncovered the attack in April last year with the help of third-party security researchers. Unfortunately, the malicious code in the attack was entirely obliterated from its website in January this year.
Additionally, the company concluded that last month there were unauthorised individuals that may have accessed their customer’s credit card data after working with forensics experts and credit card providers.
See Tickets held the malicious code for more than two years.
An investigation into the See Tickets issue revealed that the infection occurred in June 2019. Hence, the total duration of See Ticket’s customer information was over two years.
According to researchers, the customer data that the threat actors might have exfiltrated includes full names, addresses, ZIP codes, CVV numbers, payment card numbers, and card expiration dates.
Fortunately, See Tickets stated that state identification numbers, bank account details, or Social Security Numbers were not exposed during the data breach since their company did not keep them in its systems.
The company advised its users to be more vigilant in their credit card transactions since they will be prone to identity theft attacks. The attackers usually steal credit card information to buy products from online stores and then sell them to private individuals for money laundering campaigns.
Furthermore, the notice encourages the affected individuals to be wary of phishing emails or unwanted communication and closely observe their credit card statements for sketchy purchases or charges.
See Tickets has not offered free identity theft protection for its users, forcing concerned individuals to purchase one to put more defences on their information.
The current total number of affected users is still unidentified. See Tickets has not clarified if the skimmers have only infected the global site or the other five websites it runs for regional users in Europe, Canada, and the USA.
