Not even zoos are safe from data breaches — Oregon Zoo warns visitors their details may have been stolen

Hackers pinch credit card data from people buying zoo tickets online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

More than a hundred thousand people who purchased tickets to the Oregon Zoo online may have had their credit card and other payment information stolen.

The zoo has confirmed the news and begunnotifyingaffected individuals of the breach.

“On June 26, 2024, we became aware of suspicious activity within the Oregon Zoo’s online ticketing service. We promptly decommissioned the site and began an investigation to determine the nature and scope of the activity,” the breach notification letter reads. “On July 22, 2024, the investigation determined that an unauthorized actor redirected customers’ transactions from the third-party vendor who processed online ticket purchases, potentially obtaining payment card information from Dec. 20, 2023, to June 26, 2024.”

Old website is shut down

Oregon Zoo explained the data stolen in this attack is more than enough to make online purchases, conduct wire fraud,identity theft, and more.

The miscreants took people’s full names, payment card numbers, CVVs, and expiration dates. In its writeup,BleepingComputerreported a total of 117,815 people were notified about the breach (or will be in the coming days and weeks).

In response to the incident, Oregon Zoo kicked off an investigation, and notified federal law enforcement. Furthermore, it decommissioned the previous online ticketing website, and rebuilt a new, more secure, website. Furthermore, all affected individuals will be offered free credit monitoring and identity protection services through Cyberscout, for 12 months.

While stealing people’s credit card information is a disaster, it’s worth mentioning that those who steal the data rarely use it. Instead, they sell it to their peers. Although there is no rule, crooks usually use these credit cards to purchase ads onadvertising networkssuch asGoogleAds, and promote different malicious campaigns.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In any case, victims are advised to cancel their credit cards and request a replacement. They are also advised to review all purchases made with their credit cards since late last year.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

MacBook Air OLED reportedly delayed until at least 2028 – here’s why