Credit Card Security Breach: St. Louis Classical Guitar Society's Ticket Service Hacked

Categories: News

credit-card-file.jpg
via
Schnucks is not the only local entity to fall victim to a large credit card security breach.

The St. Louis Classical Guitar Society, a local nonprofit music organization, sent out an alert this week to its e-mail list, warning members that the the company that runs its ticket services -- a San Francisco-based business called Vendini -- has been hacked. And for some who have purchased tickets through the society's website, that means their credit card data and personal information might have been compromised.

"This is hard for everybody," William Ash, president of the society, tells Daily RFT. "We are sorry for our patrons that this happened.... We are going to be totally transparent and make information available immediately."

What went wrong?

The breach in this case originated with Vendini, which the guitar society has contracted with over the last two years for its ticket services.

vendini-website.jpg
via vendini.com
Vendini's website.

The company, in a statement sent to Daily RFT and in its message to the guitar society, says that, it detected an "unauthorized intrusion into its systems" which affected patrons who have used cards to make purchases through Vendini.

Vendini says that names and numbers may have been compromised and that it took "immediate steps to correct the problem, ensure the safety of patron information, and continue to provide all services without interruption." The service does not collect security access codes, like PINs, that are typically needed to complete a credit card transaction, the company notes.

For the guitar society, this means that members who used credit cards anytime between July of 2011 -- when it first started using Vendini -- through April 25 last month and directly entered credit card information into the Vendini system online could be affected. Transactions done in person or over the phone do not go through Vendini, Ash says.

(The guitar society may not be the only entity in St. Louis impacted by Vendini's breach).

Ash emphasizes that, with the help of Vendini, his organization should be able to identify everyone impacted and will send them personal e-mails alerting them, meaning that members who do not get additional messages from the guitar society should be safe. It could, however, be several hundred, but he doesn't know the specifics yet, he says.

Ash and Vendini officials both say that they are confident that as of April 25, the problem has been resolved and the systems are secure for use.

"I'm upset about this," Ash says, adding, "We'll do everything we can to make it right."

guitar-society-school.jpg
via Facebook
Guitar Society working in a school.

Vendini discovered the problem last month, but delayed notifying customers until recently, it says, in an effort to support federal law enforcement's investigation. Questions around possible delays in notification echo the controversy at Schucks, which is facing lawsuits alleging that the supermarket chain took too long to tell customers.

Continue for more from William Ash and for the full statement and alert from Vendini.

My Voice Nation Help
2 comments
Thee Lovingcup
Thee Lovingcup

It's not really a problem if your credit card gets hacked, they refund it, and you don't have to pay a disputed charge. A debit card is the problem, your actual money is gone and the bank doesn't always give it back right away. Remember when a bank issued ATM cards? On Bank of America's website, they advise to use a credit card so consumer has more protection.

Gregg Thomas
Gregg Thomas

Do you think hacking is a growing problem? That's a pretty stupid question. It's not just company’s databases and websites that are vulnerable. Anything with a computer chip and a way to transmit information to the internet can be hacked.

Now Trending

St. Louis Concert Tickets

From the Vault

 

General

Loading...