Global ticketing giant See Tickets has disclosed a data breach affecting customers’ credit card information for the second time in the past 12 months.
See Tickets, owned by Vivendi Ticketing, confirmed the latest breach in a filing with Maine’s attorney general this week.
The ticketing company said that it became aware of “unusual activity” on its e-commerce websites in May. An investigation carried out by an unnamed cybersecurity firm discovered that hackers “inserted multiple instances of malicious code into a number of its e-commerce checkout pages.”
This suggests that hackers used credit card skimming malware, where malicious code injected into a website’s checkout pages can steal payment card details submitted by customers.
As a result, the hackers responsible accessed names, addresses, and customer payment card information used to make purchases on the See Tickets website between February 28 and July 2, the notice states. This information includes customers’ debit or credit card numbers in combination with security, access codes, passwords or PIN numbers for the card.
According to the notice, the hackers accessed data on more than 323,000 See Tickets customers.
In the letter sent to those affected, See Tickets notes that its investigation into the breach completed on July 21 and that the company “moved quickly to notify you” — despite the company taking more than six weeks to inform affected customers.
This is See Tickets’ second breach in recent months.
In October 2022, See Tickets revealed that hackers accessed customers’ payment card details after event checkouts were compromised for more than two years. The company said that the skimming began on June 25, 2019, but the code was not discovered until April 2021. It wasn’t until almost a year later in January 2022 that the malware was fully removed from the See Tickets website. It’s still not known how many individuals were affected by this breach.