The online ticketing company Eventbrite warned customers Thursday to monitor their email accounts for suspicious messages after two company iPads storing sensitive customer data were stolen from an employee.
In a letter emailed to customers and posted on the company’s blog, Eventbrite CEO Kevin Hartz said the iPads were stolen from an employee on Sept 20. The data stored on the devices included names and email addresses of customers who bought tickets online to one customer event, Hartz said. The lost data also included full credit card numbers for 28 attendees who purchased tickets at the event. Those credit card numbers were not encrypted due to a bug in the company’s iPad application, he said.
As Eventbrite tried to determine what other information may have been stored on the stolen iPads, the company remotely locked the devices and erased the data, Hartz said. The letter noted that the company believed the risk for criminal misuse was low, but it asked customers to watch their email accounts for suspicious messages and to avoid sharing financial or sensitive information over email.
To prevent this from happening in the future, Hartz said that the company had updated its iPad application, Eventbrite At The Door, to encrypt email addresses collected at events and that the company would no longer store email addresses collected from online orders on mobile devices.
Eventbrite, a ticketing startup with 144 employees based in San Francisco, helps event organizers to create web pages, issue tickets and promote their events online. Founded in 2006, the company has typically catered to smaller events, but has expanded its ambitions recently in an effort to take business from industry giant Ticketmaster. In March, Eventbrite announced it had raised $50 million in venture capital and expects to earn more than $400 million in sales this year, almost double its revenue from last year.
The theft of the iPads highlights the security risks that companies face as they increasingly use mobile devices to run their businesses. In a survey of 1,500 businesses in 14 countries, released in May by the security firm McAfee and Carnegie Mellon University, 40 percent said their mobile devices have been lost or stolen, half of which stored company data.
Security experts say customers whose names and email addresses are exposed through data breaches are vulnerable to “spear phishing,” or targeted attacks by hackers who send personalized emails apparently from trusted companies seeking to trick users into revealing personal data or downloading malicious software.
- Texting, grand theft auto style; alarms pose risk
- GameStop Accepts iPhone / iPad Trade-ins, Will Sell Devices Soon
- Qantas Airlines to Offer iPad for In-Flight Entertainment
- Android Most Targeted Mobile Malware IQ2 2011: McAfee
- AT&T Will Throttle Data Hogs As Unlimited Plans Wane
There are no comments yet. Why not be the first to speak your mind.