Bridges auditorium ticketing service security breach leads to data leak

Bridges Auditorium’s third party ticketing service, AudienceView, experienced a data breach last month. (Ben Jones • The Student Life)

Last Wednesday, March 15, AudienceView, a third party ticketing vendor used by colleges nationwide, was overwhelmed by excessive student traffic and completely crashed, marking its second technological collapse in just 30 days. 

On March 4, Pomona College in conjunction with Information Technology Services (ITS) released a statement on their website that the third party ticketing vendor for Bridges Auditorium, AudienceView, had experienced a security breach for online ticket purchases between Feb. 17-21. 

The breach was caused by malware that leaked consumer credit card information, including card number, expiration date and CVV. AudienceView eventually removed the malware on the afternoon of Feb. 21, but has temporarily suspended its product during further investigation.

The breach impacted higher learning institutions across the country, including Virginia Tech, Colorado State, Cornell University, Middlebury College, UC Santa Cruz, Oswego State University and Auraria Campus, among others.

According to Andrew Crawford, ITS deputy chief information officer, AudienceView reported that 105 people were impacted in the Claremont community. Crawford said these people were notified about the breach by AudienceView, who offered 12 months of credit monitoring and identity protection. The Pomona security team also provided the 105 impacted people with support after the breach.

“The security team let the impacted people know that AudienceView would be sending them information, and provided additional recommendations on what they could do in the near term – monitor credit statements, for example, and report suspicious activity to their credit card company,” Crawford said to TSL via email.

According to KJ Fagan, senior director of public programming and strategic initiatives at Bridges Auditorium, Pomona began utilizing AudienceView services at the beginning of this academic year. Since the breach, Bridges has moved to EventBrite as a temporary ticketing platform. 

“EventBrite was selected as an interim measure because it is a free tool that could be implemented quickly,” Fagan told TSL via email.

Pomona last experienced a security breach in 2020, when the personal information of students, parents and alumni was compromised in a malware attack on Blackbaud, the College’s service for alumni and donor management.

Crawford said that a longer-term ITS active risk management program assesses potential technology vendors on security, accessibility and legal components.

“In today’s technology landscape, risk is ever present,” Crawford said. “But that technology solutions review process helps position Pomona College and its community as strongly as possible for understanding and mitigating those risks, and responding to them effectively when cybersecurity events inevitably happen.”

Facebook Comments