Thousands of visitors to the Oregon Zoo might have had their credit card information stolen over a six-month period.
The data breach affected close to 118,000 people from Dec. 20, 2023, to June 26, 2024, according to a notification sent to the Maine attorney general’s office last week. Attorneys general across the country often post public notices of large data breaches, when they impact people in multiple states.
FILE - People line up to enter the Oregon Zoo on June 28, 2019, in Portland, Ore.
Laurie Isola / OPB
The zoo sent notifications to more than 77,000 Oregonians and nearly 23,000 Washington residents whose information may have been compromised, according to the Oregon Zoo.
Zoo officials said they learned of the data breach following a monthlong investigation, after noticing suspicious behavior from the third-party vendor that operated the zoo’s ticketing service.
The ticketing site received a number of failed transactions, alerting zoo staff that something was wrong.
“We learned that an ‘unauthorized actor’ had redirected customer transactions from the third-party vendor that processes our online ticket purchases, potentially obtaining payment card information,” zoo spokesperson Hova Najarian said in an email to OPB.
The zoo is still calculating how much revenue from online ticket sales it lost from its ticketing service being down for several weeks.
Najarian said no customers have reported losing money as a result of the breach.
The zoo notified federal law enforcement, then decommissioned their previous ticketing site and constructed a new one. Potential victims have been notified, and the Oregon Zoo is offering free credit monitoring for one year, Najarian said.
