Oregon Zoo had personal and credit card information from 117,815 individuals exfiltrated following a months-long payment skimming malware attack against its website's payment platform, reports The Record, a news site by cybersecurity firm Recorded Future.
Threat actors were able to secure payment card details, including individuals' names, payment card numbers, CVVs, and expiration dates, between Dec. 20, 2023 and Jun. 26, 2024, after redirecting online ticket transactions from a third-party vendor, said Oregon Zoo officials in a filing with Maine regulators. Oregon Zoo's breach disclosure follows separate cyberattacks against Tampa Bay Zoo and Toronto Zoo during the past year. Such a development also comes amid escalating skimmer malware compromise across e-commerce sites following Russia's war against Ukraine, with nearly 3,800 e-commerce domains infected last month alone, according to Recorded Future. Carding shops across the dark web had 18.6 million card records for sale last month, Recorded Future added.