Description
See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information from transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card numbers, card expiration dates, and CVV numbers of over 323,000 people. The company filed a data breach notice with the Maine Attorney General’s Office on September 6, 2023. Notably, this incident marked the second occurrence of such an attack on See Tickets’ websites within a 12-month period. The prior attack compromised the credit card data of more than 400,000 customers.
Basis of the Case and Settlement
A lawsuit was filed on September 11, 2023, alleging that the Defendant failed to properly secure and safeguard the Plaintiff’s and other similarly situated customers’ payment card information and other sensitive records during the attack. The suit goes on to assert that the Defendant failed to properly monitor the computer network and systems that housed the Private Information, and that, had it done so, the data breach would have been discovered sooner. While the Defendant has offered one year of free credit monitoring services, the Plaintiff states that those affected will be forced to incur out-of-pocket costs for things such as purchasing credit monitoring services, credit freezes, credit reports, or other protective measures to deter and detect identity theft. The case was settled in September 2024 for $3.25 million. Under the settlement terms, affected individuals could claim up to $2,000 for various expenses and an additional $5,000 for extraordinary losses related to the breach. Class members were offered a choice between three years of free credit monitoring or a potential cash payment of up to $100.
Call to Action
This incident highlights the importance of conducting regular security assessments and persistent monitoring. Frequent security assessments and penetration testing could have identified vulnerabilities in the e-commerce platform before they could be exploited. These assessments should be conducted by both internal teams and external security experts to ensure a comprehensive evaluation. They should cover all aspects of the system, including the application layer, network infrastructure, and backend databases. File integrity monitoring (FIM) tools could have alerted the security team to unauthorized changes in the website’s code by continuously checking for any modifications to critical system files, web application code, or configuration settings.
Any internet-facing web application must be protected by a web application firewall (WAF) that can block attempts to inject malicious code into the various application components. A WAF serves as a critical first line of defense that can filter out many potential threats before they reach the application server. Employing secure coding practices and regular code reviews can also minimize vulnerabilities.