"See Tickets Discloses Major Card Data Breach"

Global ticketing giant See Tickets has recently begun notifying customers of a significant breach of their personal and financial information, which lasted for over two-and-a-half years.  The company, owned by French media firm Vivendi, revealed the news in breach notification letters published by various US states.  According to the published data breach notices, See Tickets was alerted to “potential unauthorized access by a third party to certain event checkout pages” on its site in April 2021.  The company noted that an investigation launched in concert with a forensics firm took until January 2022 to completely shut down the unauthorized activity, a full nine months after the initial alert.  It then took the firm another eight months to ascertain that customer payment card information had been compromised.  The company stated that its response efforts had multiple phases and resulted in the complete shutdown of the unauthorized activity in early January 2022.  In the following months, they worked with Visa, MasterCard, American Express, and Discover to identify potentially affected pages and transactions.  Affected information may include the data provided when purchasing event tickets on the See Tickets website between June 25, 2019, and January 8, 2022, including name, address, zip code, payment card number, card expiration date, and CVV number.  The nature of the breach has not yet been confirmed, but the details released so far could indicate the presence of card data-stealing “skimmer” malware on See Tickets systems during the 2.5 years. 

Infosecurity reports: "See Tickets Discloses Major Card Data Breach"