Hackers compromised the online ticket payment system at Oregon Zoo, compromising the financial information of over 110,000 animal enthusiasts across multiple months.
Sensitive personal data, including name, credit card numbers, CVV codes, and expiration dates, was compromised when 117,815 individuals’ information was entered onto the Oregon Zoo’s website, exposing it to potential fraud during online ticket purchases.
On June 26, 2024, the zoo became aware of suspicious activity in its online ticketing system, prompting swift action to take the website offline while investigating the nature and extent of the issue; concurrently, a temporary secure alternative website was established to enable continued online ticket sales.
The zoo filed a report with regulators stating that, as of July 22, 2014, an unauthorized party had successfully obtained guests’ credit card information between December 20, 2023, and June 26, 2024.
The Oregon Zoo’s breach notification lacked detail regarding the theft, but it seems likely they were victims of a sophisticated skimming attack.
Hackers typically infiltrate company servers, compromising sensitive databases to pilfer vast amounts of data, including encrypted passwords, email addresses, phone numbers, and potentially confidential financial information.
While most data breaches typically involve some form of financial information compromised, a rare exception is the theft of full-fee card details, including the CVV security code, which is usually not stored by companies due to its sensitive nature.
Despite precautions, a malicious script embedded on a compromised website may secretly collect sensitive information, such as credit card details, before transmitting them to a third-party payment processor.
Companies whose prospects have been severely impacted by previous phishing attacks recognize the importance of implementing robust cybersecurity measures, including advanced threat detection systems, regular security audits, and employee training on best practices for data protection.
Following the Oregon Zoo data breach, concerns are likely to arise about the potential misuse of stolen credit card information online, resulting in losses for cardholders, issuers, and merchants.
Following the incident at the zoo, affected visitors are receiving complimentary access to a 12-month credit score monitoring package, as well as identity protection services, to help them mitigate any potential risks. As an added precaution, they are advised to be vigilant of unsolicited communications and closely monitor their accounts for any suspicious activity.
