More than a hundred thousand people who purchased tickets to the Oregon Zoo online may have had their credit card and other payment information stolen.
The zoo has confirmed the news and begun notifying affected individuals of the breach.
“On June 26, 2024, we became aware of suspicious activity within the Oregon Zoo’s online ticketing service. We promptly decommissioned the site and began an investigation to determine the nature and scope of the activity,” the breach notification letter reads. “On July 22, 2024, the investigation determined that an unauthorized actor redirected customers’ transactions from the third-party vendor who processed online ticket purchases, potentially obtaining payment card information from Dec. 20, 2023, to June 26, 2024.”
Old website is shut down
Oregon Zoo explained the data stolen in this attack is more than enough to make online purchases, conduct wire fraud, identity theft, and more.
The miscreants took people’s full names, payment card numbers, CVVs, and expiration dates. In its writeup, BleepingComputer reported a total of 117,815 people were notified about the breach (or will be in the coming days and weeks).
In response to the incident, Oregon Zoo kicked off an investigation, and notified federal law enforcement. Furthermore, it decommissioned the previous online ticketing website, and rebuilt a new, more secure, website. Furthermore, all affected individuals will be offered free credit monitoring and identity protection services through Cyberscout, for 12 months.
While stealing people’s credit card information is a disaster, it’s worth mentioning that those who steal the data rarely use it. Instead, they sell it to their peers. Although there is no rule, crooks usually use these credit cards to purchase ads on advertising networks such as Google Ads, and promote different malicious campaigns.
In any case, victims are advised to cancel their credit cards and request a replacement. They are also advised to review all purchases made with their credit cards since late last year.
More from TechRadar Pro
- Nearly a million victims hit by massive BogusBazaar campaign — credit card details stolen, but here's how to stay safe
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
