Ticket office alerting patrons after vendor's security breach
A computer security breach at the company that provides ticketing services for the Michigan Union Ticket Office may have allowed unauthorized access to credit card information for customers who bought tickets between Sept. 1, 2011, and April 25, 2013.
The security intrusion occurred at Vendini Inc., not U-M, and also involves many other ticketing outlets across the United States and Canada.
MUTO is contacting approximately 33,000 patrons who purchased tickets through its system during the affected time frame.
The situation affects purchases made through MUTO at its ticket office on the ground floor of the Union, by phone, online and at venues the day of a performance. Venues for which MUTO sells tickets include the Power Center, Hill Auditorium, Mendelssohn Theatre, Rackham Auditorium and The Ark, as well as occasionally for smaller campus venues.
The information in the Vendini database includes names, mailing addresses, phone numbers, credit card numbers and expiration dates. Vendini does not collect credit card security access codes such as CVV, CVV2 or PIN numbers, Social Security numbers, usernames or passwords.
"We deeply regret that this situation has occurred and offer our sincerest apologies. U of M requires the highest level of Payment Card Industry compliance security internally and with the vendors we work with," the letter from MUTO states.
"We have taken this Vendini Ticketing System breach very seriously and have expressed our concerns in order to ensure that the point of infiltration has been identified and closed. We have also insisted that the highest level of compliance is in effect and certified by an independent firm."
MUTO patrons affected by this security breach are encouraged to review Vendini’s statement on the matter, which also includes important resources regarding identity theft protection. Persons who suspect a fraudulent transaction should contact their credit card company.
"To protect against the possibility of fraud, we urge all of our members’ consumer-patrons to remain vigilant, to review credit card account statements and to monitor credit reports for any unauthorized activity," the Vendini statement says.
The company says it believes a third party hacked into its databases in late March, and that the unauthorized intrusion was detected on April 25. Vendini is actively cooperating with federal law enforcement, and its notification of the incident was delayed specifically to support law enforcement’s investigation.