Second Cybersecurity Breach at See Tickets Exposes Customers’ Payment Data

• Cybersecurity

Global ticketing giant See Tickets has once again become a data breach victim, with hackers gaining access to customers’ credit card information. This marks the second incident in the past year, highlighting the company's persistent challenges in securing its digital assets.

In the digital world, data security breaches are becoming all too common. The recent breach at See Tickets, the global ticketing giant, is a stark reminder of this reality.

Data Breach Details

The company, a subsidiary of Vivendi Ticketing, confirmed the breach in a recent filing with Maine’s attorney general. See Tickets first noticed “unusual activity” on its e-commerce websites in May. A subsequent investigation by a cybersecurity firm revealed that hackers had inserted malicious code into several of its e-commerce checkout pages.

This method of attack, known as credit card skimming malware, allows hackers to steal payment card details directly from the checkout pages of a website. As a result, the cybercriminals could access the names, addresses, and payment card information of customers who purchased on the See Tickets website between February 28 and July 2. This data includes customers’ debit or credit card numbers, security codes, access codes, passwords, and PINs.

Extent of the Breach

The breach reportedly affected more than 323,000 See Tickets customers. The company completed its investigation into the incident on July 21 and quickly moved to notify the affected individuals. However, the company took over six weeks to inform its customers of the breach.

Repeat Offender

See Tickets has suffered multiple data breaches, most recently occurring in October 2022. Hackers accessed customers' payment card details for over two years through compromised event checkouts. The skimming started in June 2019 and continued until April 2021, when the code was discovered. It took until January 2022 to remove the malware from the company's website. The number of affected individuals from the previous breach is still unknown.

These incidents highlight the importance of implementing strong and proactive cybersecurity measures to safeguard customer data. Companies should conduct regular security audits and invest in advanced protective actions to stay ahead of ever-evolving cyber threats.