PORTLAND -- The Portland Center for the Performing Arts announced Friday that customer information on its website, including credit card numbers, was accessed by an unauthorized outside user.
Customers who purchased PCPA gift cards were affected, but those who purchased tickets were not, a PCPA statement read.
Names, street addresses, email addresses, phone numbers and credit card numbers—along with card types, expiration dates and billing addresses—associated with 864 gift card purchasers were obtained through suspected illegal means.
“We are deeply troubled by this security breach and regret any inconvenience or distress this incident may have caused our gift card customers,” PCPA Executive Director Robyn Williams said. “Immediate action was taken to ensure the safety of all personal identifying information contained on our website and we’re confident that this won’t happen in the future.”
The security breach was discovered last week by IT and web teams working for PCPA and Metro, who manages PCPA for the City of Portland, according to Metro spokeswoman Stephanie Soden.
A review concluded that the breach happened between December 20, 2010 and March 15, 2011, and included gift card transaction data dating back to January 1, 2006.
Each of the 864 credit card holders was notified and law enforcement authorities were contacted. No information related to the criminal investigation was released.