Arts Center online payment vendor hacked


Hundreds of patrons of the Arts & Science Center for Southeast Arkansas who purchased performance tickets online may have had their personal information compromised in what a vendor said was a hack of its systems.

Vendini, an online ticketing company, informed Arts Center personnel Tuesday of the attack.

Arts Center Executive Director Lenore Shoults said Wednesday that all patrons are being contacted to inform them of the situation.

“First of all, Vendini contacted patrons via letter or e-mail,” Shoults said. “Yesterday as soon as we found out we sent out an e-mail and by 9 a.m. we had a plan in place including getting the names and phone numbers for each patron who had used Vendini. We contacted them to confirm that they had been contacted by Vendini. If we did not reach them we are literally mailing letters out today.”

Shoults said that online ticketing through Vendini has also been halted.

“Patrons wishing to purchase tickets for our production of Oliver coming July 24 through 28 should do it the old-fashioned way and give us a call at 536-3375,” Shoults said.

Shoults said that despite the occurrence of such a disturbing event, the communication with so many theater lovers was an unexpected gift to the staff.

“People have been incredibly gracious,” Shoults said. “This turned out to be a wonderful opportunity to reconnect with our patrons. I spoke to a woman who asked what our next show was so I told her and then she bought tickets. So it has actually been an extraordinary day. We are really grateful that the community has been so supportive and understanding.”

In its communication to the Arts Center, Vendini said that it was fully investigating the potential data breach.

“A full-scale, internal investigation is under way at Vendini with outside computer forensic and cyber security experts,” the letter from Vendini said. “Although our internal investigation is ongoing, we believe that in late March a third-party criminal actor used hacking technologies to access our databases and may have accessed personal information.”

Vendini said that the potentially compromised information includes names, mailing addresses, email addresses, phone numbers, and credit card numbers and expiration dates.

Vendini said that the company does not collect credit card security access codes, so that information could not have been compromised.

Vendini also said that the intruder did not access usernames or passwords.