See Tickets, an international ticket service provider, reported a data breach caused by an online skimmer that outed customers’ payment card information.
This means that anyone who has bought tickets online from See Tickets in recent years could be the victim of a credit card theft as a skimmer was running on its website from June 2019 to January 2022.
In April 2021, the company discovered the security breach and immediately launched an investigation with the help of a forensics firm. On January 8, 2022, the malicious software was successfully removed from the company’s website. Skimmers allegedly stole data for about 30 months by inserting JavaScript code into a purchase page.
According to the company, between 25 June 2019 and 8 January 2022, the attackers get data from customers when purchasing event tickets on the website. Name, address, zip code, payment card number, expiry date and CVV number were stolen.
The company also stated that no social security numbers, state identification numbers or bank account information were exposed because they are not stored by the company, and that it worked with Visa, MasterCard, American Express and Discover to identify the transactions affected.
Users should check their recent bank and/or credit card statements for suspicious transactions and notify their financial institution immediately if they notice suspicious activity.
However, the geographical reach and the actual number of victims are unknown, as no information has been released about them.
The sources for this piece include an article in CPOMagazine.