The Detroit Zoo along with eight other zoos across the country announced that Service Systems Associates (SSA), a third party vendor that handles retail and concession payments, experienced a point-of-sale (POS) breach that affected customers between March 23 and June 25 of this year.
How many victims? Unknown.
What type of personal information? Customer names, credit and debit card numbers, expiration dates, and three-digit CVV security codes.
What happened? Malware was detected on SSA software in nine zoo gift shops that compromised information of customers at the Detroit Zoo and eight other zoos across the country.
What was the response? The malware responsible for the incident was identified and removed. SSA has notified the credit card companies of the situation and is working with law enforcement and the forensic investigator firm Sikich to investigate the breach.
Details: Anyone who visited a SSA partner facility between March 23 and June 25 of this year and used a credit or debit card may have had their information compromised. The breach did not affect food, ticket or membership sales at the Detroit Zoo.
Quote: “Upon learning of the breach, SSA installed a separate credit card processing system in the gift shops and new transactions have not been affected by the previous breach,” according to the Detroit Zoo's release.
Source: detroitzoo.org, “SSA Data Security Breach,” July 2015; www.kmssa.com, “Details on Service System Associates, Inc. Data Breach,” July 2015; The Detroit News, July 8, 2015.