[BreachExchange] Breaking: Shubert Organization Informs Customers of Data Breach
Destry Winant
destry at riskbasedsecurity.com
Fri May 24 09:10:50 EDT 2019
https://www.ticketnews.com/2019/05/shubert-organization-data-breach/
TicketNews has learned that The Shubert Organization – one of the
largest operations in theatre both on and beyond Broadway – has
suffered a data breach, including customer email addresses, names, and
credit card numbers and expiration dates.
At this time, it is unclear whether this is a limited-scale breach
involving a handful of accounts, or a wider breach that could affect
the organization’s foundation or ticketing operations – which includes
ownership of Telecharge as well as secondary market operations like
Entertainment Benefits Group. An email request for details on the
breach sent to a media relations executive for the company Tuesday
morning has not yet received a response.
Affected customers have been contacted via a letter providing notice
of the breach, one of which was forwarded to TicketNews. The letter
detailed what Shubert knows regarding the breach, and that it is
providing 24 months of credit monitoring services through TransUnion
Interactive system. It also included information on “Steps You Can
Take to Protect Against Identity Theft and Fraud.”
Per the letter, the company became aware of “unusual activity related
to an employee’s email account” on or about February 11 of this year.
An investigation revealed “unauthorized access to some employees’
email accounts” that took place between February 8 and 11 prior to it
being detected.
“While the investigation was unable to confirm the scope of the
information that was accessed within the affected email accounts,
Shubert is notifying you in an abundance of caution because we have
confirmed that your information was present in the affected email
accounts.”
For whatever number of consumers the breach could affect, the letter
indicates that their investigation concluded in mid-March that
“information present in the affected email accounts includes your
name, credit card number and credit card expiration date.”
We will update this story with more information as it becomes available.
More information about the BreachExchange
mailing list