PRESS ROOM

Archive: Vendor Data Security Breach at Zoos Under Investigation

July 8, 2015

 

Service Systems Associates (SSA) – the third-party operator of concessions and retail services for the Detroit Zoo ­– is investigating a data security breach of their point-of-sale systems in gift shops at nine zoos throughout the country, including those at the Detroit Zoo.

The investigation comes after authorities contacted the zoos regarding stolen credit card information.  SSA is working with an independent technology forensic expert to study the incident and prevent further issues.

A preliminary forensic review shared with the Detroit Zoological Society (DZS) reveals that malicious software, or “malware”, was detected in SSA’s software, affecting purchases made at zoo gift shops between March 23 and June 25, 2015.  Upon learning of the breach, SSA installed a separate credit card processing system at its retail outlets.

“We are obviously concerned that the vendor’s system was compromised,” said Gerry VanAcker, DZS chief operating officer.  “Transactions made since June 26 are not affected by the previous breach, and it is safe to use a credit or debit card at SSA’s retail locations.”

In addition to credit and debit card numbers, the cyber hackers reportedly gained access to card holders’ names, card expiration dates and three-digit CVV security codes.

The DZS IT systems – including those for ticket and membership sales – were not impacted by the data breach and are secure.

The Detroit Zoo’s website has up-to-date information provided by the vendor at https://detroitzoo.org/Plan/shopping-in-the-zoo.  Additional information is posted at http://www.kmssa.com/creditcardbreach/.  Further information will be shared as it becomes available.

All