Credit Card Security Breach: St. Louis Classical Guitar Society's Ticket Service Hacked
The St. Louis Classical Guitar Society, a local nonprofit music organization, sent out an alert this week to its e-mail list, warning members that the the company that runs its ticket services -- a San Francisco-based business called Vendini -- has been hacked. And for some who have purchased tickets through the society's website, that means their credit card data and personal information might have been compromised.
"This is hard for everybody," William Ash, president of the society, tells Daily RFT. "We are sorry for our patrons that this happened.... We are going to be totally transparent and make information available immediately."
What went wrong?
The breach in this case originated with Vendini, which the guitar society has contracted with over the last two years for its ticket services.
via vendini.com Vendini's website.
The company, in a statement sent to Daily RFT and in its message to the guitar society, says that, it detected an "unauthorized intrusion into its systems" which affected patrons who have used cards to make purchases through Vendini.
Vendini says that names and numbers may have been compromised and that it took "immediate steps to correct the problem, ensure the safety of patron information, and continue to provide all services without interruption." The service does not collect security access codes, like PINs, that are typically needed to complete a credit card transaction, the company notes.
For the guitar society, this means that members who used credit cards anytime between July of 2011 -- when it first started using Vendini -- through April 25 last month and directly entered credit card information into the Vendini system online could be affected. Transactions done in person or over the phone do not go through Vendini, Ash says.
(The guitar society may not be the only entity in St. Louis impacted by Vendini's breach).
Ash emphasizes that, with the help of Vendini, his organization should be able to identify everyone impacted and will send them personal e-mails alerting them, meaning that members who do not get additional messages from the guitar society should be safe. It could, however, be several hundred, but he doesn't know the specifics yet, he says.
Ash and Vendini officials both say that they are confident that as of April 25, the problem has been resolved and the systems are secure for use.
"I'm upset about this," Ash says, adding, "We'll do everything we can to make it right."
via Facebook Guitar Society working in a school.
Vendini discovered the problem last month, but delayed notifying customers until recently, it says, in an effort to support federal law enforcement's investigation. Questions around possible delays in notification echo the controversy at Schucks, which is facing lawsuits alleging that the supermarket chain took too long to tell customers.
Continue for more from William Ash and for the full statement and alert from Vendini.