More than 100,000 people who bought tickets online to the Oregon zoo may have had their credit card and other payment information stolen.
The zoo has confirmed the news and has started report persons affected by the infringement.
“On June 26, 2024, we became aware of suspicious activity within the Oregon Zoo’s online ticketing service. We immediately took the site offline and initiated an investigation to determine the nature and scope of the activity,” the breach notice reads. “On July 22, 2024, the investigation determined that an unauthorized actor diverted customer transactions from the third-party vendor that processed online ticket purchases and may have obtained payment card information from December 20, 2023 through June 26, 2024.”
Old website is closed
According to Oregon Zoo, the data stolen in this attack is more than enough to make online purchases, commit fraud, identity theft, and much more.
The criminals took people’s full names, payment card numbers, CVVs and expiration dates. In their report, BleepingComputer reported that a total of 117,815 people have been notified of the breach (or will be notified in the coming days and weeks).
Following the incident, Oregon Zoo launched an investigation and alerted federal law enforcement. Additionally, the previous online ticketing website was taken down and a new, more secure website was built. Additionally, all affected individuals are being offered free credit monitoring and identity protection services through Cyberscout for 12 months.
While stealing people’s credit card details is a disaster, it’s worth noting that those who steal the data rarely use it. Instead, they sell it to their colleagues. While there’s no rule, scammers usually use these credit cards to buy ads on ad networks like Google Ads and to promote various malicious campaigns.
In any case, victims are advised to cancel their credit cards and request replacements. They are also advised to review all purchases made with their credit cards since late last year.