The Oregon Zoo recently faced a data breach, raising concern for the safety of personal information.
The Oregon Zoo, which hosts thousands of visitors each year, recently disclosed a data breach. The breach compromised the personal and financial information of over 117,000 individuals who had purchased tickets through the zoo's online ticketing service. The incident occurred between December 20, 2023, and June 26, 2024. The zoo became aware of suspicious activity within its online ticketing system on June 26.
Upon further investigation, the zoo determined that an unauthorized actor had managed to redirect customer transactions from the third-party vendor responsible for processing online ticket purchases, potentially gaining access to sensitive information such as full names, payment card numbers, CVVs, and expiration dates.
The breach was extensive, with the zoo notifying all affected individuals and offering free credit monitoring and identity protection services for a period of 12 months. In response to the incident, the zoo immediately decommissioned the previous online ticketing website and built a new, more secure platform to prevent similar breaches from occurring in the future.
In the breach notification letter sent to affected individuals, the Oregon Zoo acknowledged the gravity of the situation, stating, "Maintaining the confidentiality, privacy and security of customers’ information is our priority. Our response to this event included initiating an investigation and notifying federal law enforcement. We are reviewing our policies and procedures to reduce the likelihood of similar events in the future."
The Oregon Zoo data breach is a reminder that any institution can be vulnerable to data breaches. The exposure of sensitive information like payment card details and personal data puts thousands of individuals at risk of identity theft and financial harm. This breach also illustrates the increasing pressure on organizations, regardless of their industry, to secure their digital environments as everyday interactions and transactions shift online.
Yes, legal action can result from a data breach, as affected individuals or organizations may sue for damages caused by the breach.
Healthcare organizations can reduce the risk of data breaches by implementing strong cybersecurity measures, conducting regular security training for employees, and using encryption to protect sensitive data.
Upon discovering a data breach, a healthcare organization should contain the breach, assess the scope of the impact, notify affected individuals and relevant authorities, and begin an investigation to understand how the breach occurred and how to prevent future incidents.
Related: HIPAA Compliant Email: The Definitive Guide