Cinema and media giant National Amusements has confirmed a breach in which hackers have stolen sensitive information from thousands of users, putting them at risk of identity theft.
The conglomerate filed a report with the Office of the Maine Attorney General stating that there was a data breach in December 2022. During the incident, the attackers stole sensitive personal information from 82,128 people.
National Amusements discovered the breach more than six months later, in August 2023, and began notifying affected individuals last week.
No details
While the dossier does not specify exactly what types of data were stolen, it does say that the attackers took “name or other personal identifying information,” along with financial account numbers or credit/debit card numbers (in combination with a security code, passcode, password, or PIN for the accounts). That means that the hackers most likely had valid payment information for over half a year, without anyone knowing.
Other details are scarce. We don't know who the attackers are or whether they breached National Amusements using malware or social engineering. These types of data breaches are often accompanied by a ransomware infection, but we don't know if that's the case here and if the company paid the ransom.
We also do not know whether the people affected are customers, clients or employees. In his writing, TechCrunch suggests that the latter could be the case, as the breach notification letter was sent through the Human Resources (HR) department, which typically handles employee-related matters.
The company declined media requests for further comment.
National Amusements is a cinema and media powerhouse with more than 1,500 theaters in the United States. It is also the parent company of Paramount, one of the world's leaders in premium entertainment content, and of CBS, an American commercial television and radio network.