Written by Gabriel Huff // Graphic by Cooper Turman
Senior Marc Barnett was on an American Studies Institute trip in Washington, D.C., in February when he received a notification from his bank that his account balance had reached zero.
“I said, ‘That’s not right,’” Barnett said. “I know I had some money in there. So I looked at my bank — my app — and it showed several charges for like 500 something dollars from this random place I’ve never been to before.”
Barnett later discovered he and others have been dealing with the repercussions of malicious software after purchasing Spring Sing tickets from a platform managed by AudienceView, a third-party vendor used by Harding University for event ticketing at hardingtickets.com.
The incident was not isolated to Harding as the software company encountered a nationwide data breach in February affecting the platform’s national customer base, which includes other universities, colleges and companies.
Heather Kemper, the director of Alumni and Parent Relations, which houses hardingtickets.com, said AudienceView discovered their product was impacted by malware on the morning of Tuesday, Feb. 21. An investigation disclosed that personal credit card payment information was among the information breached from the malware. Those who bought tickets from its platform between Feb. 17 and Feb. 21 were potentially subjected to unauthorized access.
“When the incident was discovered, AudienceView took immediate steps to remove the malware and implement additional security measures to safeguard against any unauthorized activity,” Kemper said. “AudienceView confirmed that the malware in question was removed by the afternoon of Tuesday, Feb. 21.”
In conjunction with the ticketing platform, Kemper worked with others at the University to ensure Harding’s website was safe and customers were being protected, she said, shutting down the site until the incident was resolved.
“AudienceView reported that they had ‘contained the incident’ and ‘implemented additional safeguards and taken measures to help prevent further unauthorized access,’” Kemper said. “Hardingtickets.com went live again on March 9.”
AudienceView sent emails to those potentially impacted, informing them about the situation and advising customers to monitor their credit card activities. The software company also reported the breach to federal law enforcement and is cooperating with its investigation. Additionally, the platform offered free credit monitoring and identity protection services for 12 months through CyberScout, Inc., a TransUnion company.
Keith Cronk, the University’s CIO and senior vice president, said since Harding’s system was not directly breached, there were limited actions it could take. He warned those affected to stay alert.
“Keep an eye on your credit card statements,” Cronk said. “Keep an eye on your debit card statements. Don’t just assume that everything on there is what you purchased.”
Other institutions such as Abilene Christian University, Colorado State University and the University of California at Santa Cruz offered their customers similar advice.
After discovering his bank account had been compromised, Barnett took immediate steps to secure his account. He had to spend a few weeks without revenue, but friends helped with purchases while he waited to get a new debit card. Things finally were settled after he returned from spring break.
“So I took tabs of what I owed people and then once I got back and got my card back, I paid off on them,” Barnett said.
Kemper said Harding has been using AudienceView for about the past five years under annual contracts and will continue to use its services for now.