iPads containing sensitive data were stolen from a careless employee

Oct 1, 2011 10:01 GMT

Eventbrite, an event management company based in San Francisco, California, revealed that sensitive information may have ended up in the wrong hands after a couple of iPads that stored the data were stolen from an employee while in transit.

Kevin Hartz, CEO and co-founder of Eventbrite, wrote on the company's blog about the incident: “you’re hearing from me to apologize about a mistake we made; and I want to let you know what we are doing to correct it.”

The company recently started using an Apple application called Eventbrite At The Door, event management software that's supposed to make the organizer's work a lot easier.

On September 20, two of the iPads used at a customer event were stolen from an employee while he was returning to headquarters. As soon as the theft was discovered, the authorities were alerted and the anti-theft features of the devices were activated, deleting all the data and locking the devices.

The stolen data consisted of “the names and email addresses of attendees who purchased tickets online for this single event, or who bought tickets on site through an iPad that wasn’t stolen,” “email addresses and the last four credit card digits of attendees who bought tickets on site at this event through one of the two devices that were later stolen” and “full credit card numbers for 28 attendees who purchased tickets on site at the event.”

Unfortunately, because of an application bug, the 28 transactions made by the customers who purchased tickets on site were not encrypted. According to Hartz, the problem was later patched. It remains to be seen whether the absence of the patch was critical.

“We know that having your personal data compromised is a violation of the trust you place in Eventbrite, and our deepest apologies go to the people who have been affected by this. We have already emailed the attendees of this event whose email addresses were potentially exposed to make them aware of the situation,” revealed the CEO.

“While we believe the risk for criminal misuse of these email addresses is low, we take our customers’ security and privacy seriously and believe that it’s best to be open and transparent.”