IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

See Tickets admits it took nine months to remove malicious code from site

Any customer who gave their details to the company for nearly three years could be at risk

Online ticketing firm See Tickets has admitted that it did not remove malicious card-skimming code from its US website until nine months after it was initially detected, putting customer information at risk.

See Tickets first noticed unauthorised activity on its US website in April 2021 with a threat actor appearing to access event checkout pages. In response, the company hired a forensics firm to investigate further, and made efforts to cut the unauthorised activity.

However, it was not until January 2022 that the company fully ended the malicious activity. See Tickets has not explained why it took this long to take action, but in its consumer notification letter [PDF] stated that the efforts were undertaken in “multiple phases".

Customers who bought tickets through the See Tickets website between 25 June 2019 and 8 January 2022 may have been affected by the breach, with the potentially exposed data including names, addresses, and credit card information.

The time frame of the breach raises critical questions for the company, namely why it took so long to be detected, and why the security response then took another year to complete. 

Some reports suggested that the number of affected customers in Texas alone could be greater than 90,000, which would suggest a far larger number of total victims when applied to See Tickets’ activities across the United States.

Related Resource

Cost of a data breach report 2022

Discover the factors to help mitigate breach costs

Whitepaper cover with title and square image of line graph beginning to break and lift upFree Download

No indication has been given to suggest that See Tickets’ overseas customers have been affected by the breach, and the company has attempted to reach out to those involved directly.

Another nine months passed until 12 September, when the company came to the conclusion that the malicious activity had likely resulted in a data breach of sensitive customer information.

See Tickets states that it has worked closely with law enforcement, as well as card providers such as Visa, MasterCard, and American Express to identify transactions that may have been affected as a result of the activity.

“See Tickets is committed to safeguarding our customers’ personal information, and we value your privacy,” said the company in its letter.

“We have taken steps to deploy additional safeguards onto our systems, including by further strengthening our security monitoring, authentication, and coding.”

Given the nature of the breach, it is likely that the malicious code on the website was an exfiltration tool such as a ‘skimmer’. Such malware records details like credit card numbers used by customers during the checkout process.

With a large number of customers potentially involved in the attack, and the long period of compromise, this event could incur further legal interest in the months to come.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022