Wildey Theatre is found to be hacked

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.theintelligencer.com/local_news/article_a717e6fc-cf90-11e2-a095-001a4bcf887a.html

Customers who have purchased tickets from the Wildey Theatre may have
had their credit card numbers compromised by hackers, according to
city officials.

According to Police Chief Jay Keeven, the security breach was
discovered on April 25 and is believed to have happened in March.

The city obtained a list of approximately 6,000 names, from their
credit card processing firm Vendini, of individuals who they believe
may be vulnerable. A letter has been issued to everyone who may be at
risk.

“We do not know yet the extent of the ‘compromise’. Our investigators
are working with the credit card firm, their security operations and
the vendors with whom the city has contracts,” the statement said.

Keeven also stated that the there is no indication the breach included
transactions for utility bills, municipal court fines, ambulance runs
or any fees collected by the police department.

The processing company is currently still working with federal
authorities and trying to find out exactly what has been copied.

Although credit card numbers, names, e-mail addresses and phone
numbers may have been compromised, credit card security numbers,
social security numbers and usernames and passwords are not in danger
as they are not collected by Vendini.

The city has been assured by Vendini that steps have been taken to
prevent future intrusions into the system.

No calls have been received in regards to any misused credit cards
since the incident but Keeven wants people to be vigilant in
monitoring their credit card records and if any notice suspicious
charges to notify their credit card company and the police.

Friends of the Wildey President Rich Walker, stated that the Friends
of the Wildey receive donations from their website by credit card but
because a different processing company is used those credit card
numbers were not a part of the hacking.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.