Not even zoos are safe from data breaches — Oregon Zoo warns visitors their details may have been stolen
Hackers pinch credit card data from people buying zoo tickets online
More than a hundred thousand people who purchased tickets to the Oregon Zoo online may have had their credit card and other payment information stolen.
The zoo has confirmed the news and begun notifying affected individuals of the breach.
“On June 26, 2024, we became aware of suspicious activity within the Oregon Zoo’s online ticketing service. We promptly decommissioned the site and began an investigation to determine the nature and scope of the activity,” the breach notification letter reads. “On July 22, 2024, the investigation determined that an unauthorized actor redirected customers’ transactions from the third-party vendor who processed online ticket purchases, potentially obtaining payment card information from Dec. 20, 2023, to June 26, 2024.”
Old website is shut down
Oregon Zoo explained the data stolen in this attack is more than enough to make online purchases, conduct wire fraud, identity theft, and more.
The miscreants took people’s full names, payment card numbers, CVVs, and expiration dates. In its writeup, BleepingComputer reported a total of 117,815 people were notified about the breach (or will be in the coming days and weeks).
In response to the incident, Oregon Zoo kicked off an investigation, and notified federal law enforcement. Furthermore, it decommissioned the previous online ticketing website, and rebuilt a new, more secure, website. Furthermore, all affected individuals will be offered free credit monitoring and identity protection services through Cyberscout, for 12 months.
While stealing people’s credit card information is a disaster, it’s worth mentioning that those who steal the data rarely use it. Instead, they sell it to their peers. Although there is no rule, crooks usually use these credit cards to purchase ads on advertising networks such as Google Ads, and promote different malicious campaigns.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In any case, victims are advised to cancel their credit cards and request a replacement. They are also advised to review all purchases made with their credit cards since late last year.
More from TechRadar Pro
- Nearly a million victims hit by massive BogusBazaar campaign — credit card details stolen, but here's how to stay safe
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.