BreachExchange mailing list archives
UM Warns Ticket Buyers Of Security Breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 14 Jun 2013 09:25:39 -0500
http://detroit.cbslocal.com/2013/06/13/um-warns-ticket-buyers-of-security-breach/ ANN ARBOR (WWJ) - University of Michigan officials have contacted over 33,000 customers who bought tickets at the Michigan Union Ticket Office in the last two years because their personal information may have been compromised. WWJ Newsradio 950′s Zahra Huber spoke with University of Michigan spokesman Rick Fitzgerald. “It was a security breach with the vendor Vendini Inc., that is used by the University of Michigan’s Michigan Union Ticket office. So it’s not a U of M security breach and it involves many other ticketing outlets across the United States and Canada,” Fitzgerald said. “At the University of Michigan, we decided to take the extra step and notify our customers to make sure they were aware of the situation,” Fitzgerald said. He said U-M officials are now working with the vendor to make sure they understand exactly what happened and to assure that the problem has been solved. In a statement, Vendini said a full-scale, internal investigation is underway with outside computer forensic and cyber security experts. “Although our internal investigation is ongoing, we believe that in late March, a third-party criminal actor used hacking technologies to access our databases and may have accessed personal information, such as name, mailing address, email address, phone number, and credit card numbers and expiration dates that belong to our members’ consumer-patrons. “It is important to note we do not collect credit card security access codes (e.g., CVV, CVV2, PINs), information that is typically needed to complete a credit card transaction. Consumer-patron usernames or passwords were not accessed by the intruder.” [Read more HERE]. The vendor is urging anyone who bought tickets from the box office anytime between September of 2011 and April of this year is advised to double-check their bank statements. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- UM Warns Ticket Buyers Of Security Breach Erica Absetz (Jun 14)