Ticketing and event management company Eventbrite is dealing with a possible security breach following the theft of two iPads that contained personal information of some of its customers.
The company was using the iPads as part of its new Eventbrite At The Door ticketing solution, which allows venues or events to collect payments and issue tickets using an iPad app. Eventbrite launched the new service in June, but the company did not disclose what event used the iPads before they were stolen.
Kevin Hartz, Eventbrite’s co-founder and CEO, said in a blog post on the company’s Web site this week that once the company discovered the iPads had been stolen, officials immediately contacted law enforcement and remotely initiated a password lock and wiped out the data on the two devices. He also apologized for the situation.
The theft occurred on September 20 while an Eventbrite employee was headed back to the company’s headquarters following the client’s event. No other details of the theft were disclosed.
Hartz said the potentially compromised data included full credit card information for 28 people who bought tickets for the event; names and email addresses for some customers who bought tickets online for the event; and the names, email addresses and last four digits of credit cards for some fans who bought tickets at the event. The full credit card information was erroneously stored due to a glitch in the iPad app that has since been fixed.
“We know that having your personal data compromised is a violation of the trust you place in Eventbrite, and our deepest apologies go to the people who have been affected by this,” Hartz wrote. “We have already emailed the attendees of this event whose email addresses were potentially exposed to make them aware of the situation. While we believe the risk for criminal misuse of these email addresses is low, we take our customers’ security and privacy seriously and believe that it’s best to be open and transparent.”
As ticketing company increasingly turn to mobile and paperless ticketing, the issue of companies maintaining informational security is becoming more important, and Hartz said Eventbrite is taking additional steps to ensure such breaches do no happen again.
“To prevent this from happening again, we have updated the Eventbrite At The Door application to encrypt all email addresses collected on-site at events, and we have made changes to all our mobile products, including Easy Entry, so that they will no longer store email addresses collected from online orders on mobile hardware,” Hartz wrote. “And on top of these technical fixes, we are putting in place increased security measures for the transportation of company-issued iPads, so that they will no longer store any personally identifiable data while in transit.”
Eventbrite has grown significantly over the past two years and is now the nation’s fourth-largest primary ticket company, according to TicketNews’s exclusive industry rankings. The company has also signed partnership deals with company’s such as Thinglink and secured millions of dollars in venture funding.