CityStage gift card customer information exposed
Technorati Tag: Security Breach
Date Reported:
1/28/09
Organization:
Springfield Performing Arts Development Corporation
Contractor/Consultant/Branch:
CityStage
Location:
Springfield, Massachusetts
Victims:
Customers
Number Affected:
60
Types of Data:
"credit card information"
Breach Description:
"SPRINGFIELD - A security breach involving CityStage's computer system might have exposed credit card information of 60 customers on the Internet, theater officials acknowledged Tuesday."
Reference URL:
The Republican
Report Credit:
Jack Flynn, The Republican
Response:
From the online sources cited above:
SPRINGFIELD - A security breach involving CityStage's computer system might have exposed credit card information of 60 customers on the Internet, theater officials acknowledged Tuesday.
Cynthia J. Anzalotti, president of the Springfield Performing Arts Development Corp., which oversees CityStage, said the breach was limited to customers purchasing holiday gift cards, and not patrons buying tickets to plays on the theater's Web site.
"We can't emphasize that enough," said Anzalotti, who said gift card purchases represent a very small percentage of the CityStage's overall business.
[Evan] Do you see the motive behind this statement?
The theater sent letters to customers who purchased gift cards online during December, stating the usual security measures to protect credit card numbers might have been compromised, Anzalotti said.
[Evan] It appears to me that sensitive information requires more than just the "usual security measures".
The theater also notified its lawyer, various credit card companies and the state attorney general's office, Anzalotti said.
An audit is also under way of the CityStage computer system to determine exactly what happened, though Anzalotti said the breakdown probably occurred in December while the theater's Web contractor was changing servers.
"We never had anything like this before," Anzalotti said.
[Evan] As far as you know.
The only complaint received by CityStage came from Chicopee lawyer John M. Corridan, who called after receiving the letter last week.
Corridan said hundreds of dollars in toys were fraudulently charged to his card in late December.
Forced to cancel the card, Corridan endured a week of financial havoc, he said.
"I was running around for a week like a chicken without a head," Corridan said. "Both my wife and I have businesses; when we canceled the card, we had to deal with vendors and advertisers who though we had cut them off."
The response by CityStage also left something to be desired, Corridan said.
"They were entirely indifferent," Corridan said. "They offered to have their lawyer call me."
[Evan] It's not unusual for organizations to act indifferent to breaches. Too many do.
Anzalotti and Tina M. D'Agostino, the marketing director, said Corridan was the only gift card customer who was claiming fraudulent charges on his card.
In addition, Corridan wanted to be reimbursed for his trouble, but would not provide proof that any illegal charges had been made on his card, Anzalotti said.
Corridan said nobody at the theater specifically asked to see his credit card records and offered only a vague explanation about what had happened.
"I figured at least they might say 'Sorry. See a couple of plays on us'," he said. "But no such luck."
Commentary:
I think Mr. Corridan was right on in his comment about CityStage being indi
fferent about this breach. I get little sense that they care, and more of a sense that this is a nuisance to the company.
Past Breaches:
Unknown
Date Reported:1/28/09
Organization:
Springfield Performing Arts Development Corporation
Contractor/Consultant/Branch:
CityStage
Location:
Springfield, Massachusetts
Victims:
Customers
Number Affected:
60
Types of Data:
"credit card information"
Breach Description:
"SPRINGFIELD - A security breach involving CityStage's computer system might have exposed credit card information of 60 customers on the Internet, theater officials acknowledged Tuesday."
Reference URL:
The Republican
Report Credit:
Jack Flynn, The Republican
Response:
From the online sources cited above:
SPRINGFIELD - A security breach involving CityStage's computer system might have exposed credit card information of 60 customers on the Internet, theater officials acknowledged Tuesday.
Cynthia J. Anzalotti, president of the Springfield Performing Arts Development Corp., which oversees CityStage, said the breach was limited to customers purchasing holiday gift cards, and not patrons buying tickets to plays on the theater's Web site.
"We can't emphasize that enough," said Anzalotti, who said gift card purchases represent a very small percentage of the CityStage's overall business.
[Evan] Do you see the motive behind this statement?
The theater sent letters to customers who purchased gift cards online during December, stating the usual security measures to protect credit card numbers might have been compromised, Anzalotti said.
[Evan] It appears to me that sensitive information requires more than just the "usual security measures".
The theater also notified its lawyer, various credit card companies and the state attorney general's office, Anzalotti said.
An audit is also under way of the CityStage computer system to determine exactly what happened, though Anzalotti said the breakdown probably occurred in December while the theater's Web contractor was changing servers.
"We never had anything like this before," Anzalotti said.
[Evan] As far as you know.
The only complaint received by CityStage came from Chicopee lawyer John M. Corridan, who called after receiving the letter last week.
Corridan said hundreds of dollars in toys were fraudulently charged to his card in late December.
Forced to cancel the card, Corridan endured a week of financial havoc, he said.
"I was running around for a week like a chicken without a head," Corridan said. "Both my wife and I have businesses; when we canceled the card, we had to deal with vendors and advertisers who though we had cut them off."
The response by CityStage also left something to be desired, Corridan said.
"They were entirely indifferent," Corridan said. "They offered to have their lawyer call me."
[Evan] It's not unusual for organizations to act indifferent to breaches. Too many do.
Anzalotti and Tina M. D'Agostino, the marketing director, said Corridan was the only gift card customer who was claiming fraudulent charges on his card.
In addition, Corridan wanted to be reimbursed for his trouble, but would not provide proof that any illegal charges had been made on his card, Anzalotti said.
Corridan said nobody at the theater specifically asked to see his credit card records and offered only a vague explanation about what had happened.
"I figured at least they might say 'Sorry. See a couple of plays on us'," he said. "But no such luck."
Commentary:
I think Mr. Corridan was right on in his comment about CityStage being indi
Past Breaches:
Unknown
Posts Atom 1.0
Comments