UM Warns Ticket Buyers Of Security Breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://detroit.cbslocal.com/2013/06/13/um-warns-ticket-buyers-of-security-breach/

ANN ARBOR (WWJ) - University of Michigan officials have contacted over
33,000 customers who bought tickets at the Michigan Union Ticket
Office in the last two years because their personal information may
have been compromised.

WWJ Newsradio 950′s Zahra Huber spoke with University of Michigan
spokesman Rick Fitzgerald.

“It was a security breach with the vendor Vendini Inc., that is used
by the University of Michigan’s Michigan Union Ticket office. So it’s
not a U of M security breach and it involves many other ticketing
outlets across the United States and Canada,” Fitzgerald said.

“At the University of Michigan, we decided to take the extra step and
notify our customers to make sure they were aware of the situation,”
Fitzgerald said.

He said U-M officials are now working with the vendor to make sure
they understand exactly what happened and to assure that the problem
has been solved.

In a statement, Vendini said a full-scale, internal investigation is
underway with outside computer forensic and cyber security experts.

“Although our internal investigation is ongoing, we believe that in
late March, a third-party criminal actor used hacking technologies to
access our databases and may have accessed personal information, such
as name, mailing address, email address, phone number, and credit card
numbers and expiration dates that belong to our members’
consumer-patrons.

“It is important to note we do not collect credit card security access
codes (e.g., CVV, CVV2, PINs), information that is typically needed to
complete a credit card transaction. Consumer-patron usernames or
passwords were not accessed by the intruder.” [Read more HERE].

The vendor  is urging anyone who bought tickets from the box office
anytime between September of 2011 and April of this year is advised to
double-check their bank statements.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.