More than 100,000 people who purchased tickets to the Oregon Zoo online may have had their credit cards and other payment information stolen.
The zoo confirmed the news and began notifying those affected of the breach.
“On June 26, 2024, we became aware of suspicious activity on the Oregon Zoo’s online ticketing service. We immediately took down the site and began an investigation to determine the nature and scope of the activity,” the breach notification letter reads. “On July 22, 2024, the investigation determined that an unauthorized actor redirected customer transactions from the third-party vendor that processed online ticket purchases, potentially obtaining payment card information from December 20, 2023, to June 26, 2024.”
The old website is closed
The Oregon Zoo said the data stolen in this attack is more than enough to make online purchases, commit electronic fraud, identity theft and more.
The criminals took people's full names, payment card numbers, CVVs, and expiration dates. In their report, Computer beeping reported that a total of 117,815 people have been notified of the breach (or will be notified in the coming days and weeks).
In response to the incident, the Oregon Zoo has launched an investigation and notified federal authorities. Additionally, the Zoo has taken down the previous online ticketing website and rebuilt a new, more secure website. Additionally, all affected individuals will be offered free credit monitoring and identity protection services through Cyberscout for 12 months.
While stealing credit card information is a disaster, it is worth mentioning that those who steal the data rarely use it. Instead, they sell it to their peers. Although there is no rule, criminals often use these credit cards to buy ads on advertising networks like Google Ads and promote different malicious campaigns.
In any case, victims are advised to cancel their credit cards and apply for a new one. They are also advised to review all purchases made with their credit cards since the end of last year.