The Oregon Zoo, one of the state's top tourist attractions, has announced a data breach that may have exposed the payment card information of more than 117,000 visitors.
The zoo discovered suspicious activity within its online ticketing service on June 26, 2024, as stated in a notice sent to affected individuals. An investigation subsequently determined that an unauthorized actor had been redirecting customer transactions from the third-party vendor processing online ticket purchases since December 23, 2023.
The investigation found that this redirection potentially allowed the attacker to obtain sensitive payment card data, including names, card numbers, CVV codes, and expiration dates, for all customers who made online purchases during the six months from December 20, 2023, to June 26, 2024.
"Maintaining the confidentiality, privacy, and security of customers' information is our priority," the zoo stated in its notice. "Our response to this event included initiating an investigation and notifying federal law enforcement."
To combat the breach, the zoo has decommissioned its previous online ticketing site and built a new secure platform for future transactions. It is also offering 12 months of complimentary credit monitoring and identity protection services through Cyberscout for all affected individuals.
Visitors who made online purchases at the Oregon Zoo during the impacted timeframe are advised to closely monitor their financial accounts, be cautious of any suspicious communications, and consider requesting replacement payment cards from their financial institutions.
It is crucial to remain vigilant as cybercriminals may exploit the compromised data to conduct fraudulent online transactions, potentially selling stolen goods at significant discounts to conceal their illicit gains. Stay alert if your information was affected by this breach to safeguard against potential risks.
The Oregon Zoo breach is the latest in a growing number of high-profile cyberattacks targeting the financial data of consumers. Experts emphasize that organizations must remain proactive in securing their digital assets to protect their customers from the risks of payment card fraud and identity theft.
Follow SecureWorld News for more stories related to cybersecurity.