Hackers steal credit card information from Oregon Zoo customers
Cybercriminals succeeded in accessing Oregon Zoo’s computer systems and exfiltrate financial data of over 100,000 customers.
In the data breach notification addressed to the Office of the Maine Attorney General, Oregon Zoo says it became aware of ‘suspicious activities’ within the zoo’s online ticketing service on June 26. As soon as employees found out, the website was taken down to launch an investigation into the nature and scope of the incident.
The research was rounded up on July 22. Security experts discovered that an unauthorized actor infiltrated a part of the zoo’s systems and exfiltrated financial information of 117,815 customers that was processed by a third-party vendor.
“The personal information that could have been subject to unauthorized access includes name, payment card number, CVV and expiration date,” Oregon Zoo says in the data breach notice. No social security numbers were compromised in the breach.
The threat actor that’s responsible for the data breach may have potentially obtained personal financial information from December 20,2023, to June 26, 2024. As a precaution, Oregon Zoo reviewed all transactions from this period to identify anyone whose payment card information may have been affected.
Upon discovery, Oregon Zoo immediately contacted affected customers and notified federal law enforcement agencies.
The Portland-based zoo recommends potential victims to enroll in CyberScout’s credit monitoring service and be vigilant against identity theft and fraud by regularly checking their account statements.
The security incident was most likely the result of a skimming attack. In a skimming attack, hackers install malware onto e-commerce websites, allowing them to siphon payment information during the checkout phase of an online purchase.
Skimming attacks have been a well-known problem for online sellers for quite some time. According to Recorded Future News, 3,799 e-commerce platforms suffered an e-skimmer infection in July 2024. In the same period, threat actors posted 18.6 million records on the dark web that were for sale.
Your email address will not be published. Required fields are marked