‘See Tickets’ Website Checkout Compromised for Two Years; Hackers Stole Credit Card Data

See Tickets, a ticketing company with businesses worldwide, has just revealed that it's fallen victim to a data breach that spanned over two years.

Data breaches can have many causes, ranging from sophisticated attacks against a company's infrastructure to employee negligence. The case of See Tickets, though, stems from a type of attack that's not all that common.

In June 2019, attackers compromised the See Tickets website and embedded specially crafted code in the checkout function so they could steal payment information for sales. The problem is not necessarily that it happened but that it took the company such a long time to discover, fix and eventually inform potential victims.

"See Tickets was alerted to activity indicating potential unauthorized accessby a third party to certain event checkout pages on the See Tickets website in April 2021," explained the company in the data breach notification.

"We promptly launched an investigation with the assistance of a forensics firm and took steps to shut down the unauthorized activity. Our response efforts had multiple phases and resulted in the complete shutdown of the unauthorized activity in early January 2022."

All the people who bought tickets on the website between June 25, 2019 and Jan. 8, 2022 could be victims. The stolen data includes name, address, zip code, payment card number, card expiration date, and CVV number.

The company said it contacted users who might have been affected by the data breach and advises them to check their bank statements and look out for suspicious transactions. It's also a good idea to be wary of any phishing emails that could further affect the victims.