ECA informs customers of ticket sales security breach; says confident issues have been resolved
In an email sent to more than 13,000 customers Monday, the Edmonds Center for the Arts warned that hackers earlier this spring had broken into the computer databases of Vendini, Inc, the ECA’s online ticket sales agent — raising the possibility that individual credit card information might have been compromised.
ECA Executive Director Joe McIalwain said that the ECA delayed notifying patrons to avoid interfering with an investigation by federal authorities into the incident, and that he is confident that Vendini has addressed the issues related to the security breach.
“We found out about this in late May,” McIalwain said. “At that point the federal investigation was still ongoing, and Vendini advised us to hold off informing our customers for the time being. Things have now progressed to where we can share this information, and we responded with this morning’s email to our customers and patrons.”
According to McIalwain, the break-in of the California-based Vendini system occurred on April 25. Concerned that early release of information could tip off the perpetrators and compromise the investigation, authorities directed Vendini to hold off informing its customers while the investigation was ongoing. In a move to protect customer accounts and records, however, authorities informed banks and credit card agencies to be on the lookout for any unauthorized account activity that might result from the Vendini break-in.
Vendini is a national company with hundreds of customer ranging from performing arts venues such as ECA to casinos to cruise lines. Customer records from all Vendini customers would have been accessible to the intruders. Vendini released a statement to its customers on May 21. In it they described the break-in, and informed customers that personal information including name, mailing address, email address, phone number, credit card numbers and expiration dates could have been stolen. They also pointed out that credit card security access codes, PIN numbers, user names and passwords were not accessed by the intruder. See the full statement here.
Upon learning of the intrusion, Vendini engaged a team of computer forensic and cyber security experts to investigate, troubleshoot, and enhance its system security. This comprehensive overhaul is now complete, McIalwain said.
“If we had any doubts about their addressing this issue effectively, we wouldn’t be with them,” he said. “But with these enhanced security measures in place, Vendini is stronger than ever. We could hardly be working with a more secure partner.”
“We thought it was right to release this information today,” McIalwain added. “Of the more than 13,000 emails we sent out, 30 customers responded with questions. Of these, only four reported any suspicious credit card activity over this time period. In none of these could we confirm a Vendini/ECA transaction.”
“We want the community to know that ECA is not taking this issue lightly,” he concluded. “We are part of an incredible community, and are proud of our role in bringing world-class performing arts to Edmonds. Trust is a big part of this relationship, and this extends to Vendini and our other partners. We have no doubt that Vendini has addressed its issues, and that our customers and patrons can use their online ticket system with complete confidence.”
— By Larry Vogel