The Oregon Zoo has disclosed a significant data breach affecting more than 100,000 individuals, revealing serious vulnerabilities in its online ticketing system. The breach, which came to light in late June 2024, involved cybercriminals compromising the zoo’s payment processing platform. The attackers managed to redirect transactions from the zoo’s third-party vendor, which allowed them to potentially access sensitive payment card information. This includes customer names, credit card numbers, CVVs, and expiration dates from transactions that occurred between December 20, 2023, and June 26, 2024.
Upon discovering the unauthorized activity, the zoo took immediate action by decommissioning the affected website to prevent further damage and initiated a comprehensive investigation. The zoo has since confirmed that over 117,000 individuals’ payment information was exposed. In response, the organization has been working closely with federal law enforcement and has implemented measures to assist the affected individuals, including providing one year of credit monitoring services.
The incident at the Oregon Zoo is part of a troubling trend in which major zoological organizations are becoming targets of cyberattacks. Recent breaches at the Toronto Zoo and Tampa Bay Zoo further underscore the growing threat to such institutions. Payment-skimming malware remains a prevalent attack vector, with hackers embedding malicious tools on e-commerce sites to siphon credit card data during online transactions.
The rise in e-skimming attacks reflects a broader trend in payment fraud. In July 2024 alone, nearly 3,800 e-commerce domains were reported to be infected with e-skimmers. The dark web saw a surge in stolen card data, with millions of records posted for sale. This breach at the Oregon Zoo highlights the critical need for enhanced cybersecurity measures and vigilance in protecting sensitive financial information against increasingly sophisticated cyber threats.
Reference:
