Over 33,000 customers have been warned by University of Michigan about a serious security breach that managed to compromise their personal information. These customers used the services of Michigan Union Ticket Office to buy tickets over the period of last two years.

Rick Fitzgerald, spokesman for University of Michigan, said to Zahra Huber of WWJ Newsradio 950 that it was not a security breach with University of Michigan but rather, the security protocols of Vendini Inc. were breached. Vendini is a vendor whose services are used by Michigan Union Ticket Office of University of Michigan. Fitzgerald further informed that the security breach was not an isolated event and that apart from Vendini Inc., other ticketing outlets in Canada and United States were also affect by this cybercrime.

Fitzgerald said that University of Michigan’s mass notification was an extra step meant to ensure that the effected customers are aware of the situation. He further said that the university officials are closely working with Vendini experts to help them locate the cause of the security breach and to help them improve their security and close any loopholes so that the problem is resolved as soon as possible.

Vendini Inc. on the other reported that they have launched a massive internal investigation and are also seeking help from experts on cyber security and other outsider forensic computer experts. Vendini officials reported that in March some cybercriminal managed to access their database using hacking technologies and that this hacking compromised personal information of customers that included vital information like credit card details, phone numbers, mailing and email addresses and their names.

It was further notified by Vendini that they never store the CVV2 or CVV numbers of credit cards (these are the numbers that are generally used for completing any credit card transaction). The vendor also notified that customer username and passwords were also not accessed by the hacker(s). The vendor has asked every customer who have bought tickets within the period September 2011 to April 2013 to cross check their bank account status.

]]>