Announcements, News

UPDATE 3/2/23:

Due to a recent data breach of a third party vendor that provided ticketing services for College events, Middlebury Information Technology Services recommends the following:

Any individual who has used the online ticketing system should monitor their account closely for fraudulent activity. Whether or not fraudulent activity is detected, patrons should consider canceling any cards that were involved in ticket purchasing.

If you received an email from the vendor Audience View, it means they believe that the payment card you used to purchase tickets from the online box office should be considered compromised, regardless of whether or not you have seen any fraudulent transactions. Immediately contact your bank to inform them that your payment card data was compromised and request a new card.

Security Advisory

Story updated March 2, 2023.

Middlebury Information Technology Services sent the following advisory to the campus community on Sunday, February 26.

Dear Faculty, Staff, and Students,

We are writing to inform you about a data security incident that may have involved your personal information.

If you used a credit card to purchase tickets through middlebury.universitytickets.com during the month of February, this message contains important information and actions for you to take.

On February 23, Middlebury was informed that a third-party vendor for campus event ticketing, “AudienceView” (also known as “University Tickets”), had recently experienced a payment card data security breach with their online Box Office services. They advised us at that time that Middlebury community members were not impacted. However, after additional investigation by Middlebury Information Technology Services (ITS) and Public Safety, including reports from students about fraudulent credit card activity, we have suspended online Box Office ticket sales at middlebury.universitytickets.com until we are confident that the vendor has appropriately secured our customer payment information. 

For tickets, please visit the Box Office website or individual event listings for instructions.

Middlebury takes the protection and proper use of your information very seriously. We are therefore contacting you to explain the incident and provide you with steps you can take to protect your personal information.

What Happened

AudienceView shared that this breach, which has affected many higher education institutions nationwide, includes personal payment card information. The breach impacts individuals who used the system to purchase tickets online in February and includes names, billing addresses, email addresses, phone numbers, and payment information. This issue did not impact in-person box office ticket sales, nor other Middlebury online services. However, if you purchased any tickets from the Box Office with a credit card during this time frame, we recommend checking your bank statement for any sign of fraudulent charges.

Actions Taken

Out of an abundance of caution, Middlebury has suspended all online ticket sales via middlebury.universitytickets.com, effective immediately and until further notice, as we work to resolve this issue. 

Middlebury’s Information Technology Services (ITS) division is working with AudienceView to determine which members of our campus community may have been affected, and we will provide more information to any affected individuals once it becomes available.

What You Can Do

If you purchased tickets for events through the Middlebury online box office during the month of February, please be aware that you may receive a communication directly from AudienceView. AudienceView will be notifying those impacted by this breach via email with information and instructions. Please review this email carefully.

In addition, we strongly encourage anyone who has purchased tickets through the Middlebury online box office to check their credit card statements immediately, contact their banking institution regarding any suspicious transactions, and report the suspicious transactions to Middlebury Public Safety.

General Security Tips

We encourage you to review Middlebury’s Information Security website for guidance on further protecting your personal information and safe computing practices.

As a best practice, we also recommend that you remain vigilant and promptly report to us and to the proper law enforcement authorities any suspicious activity or suspected fraudulent transactions.

If you have any questions please email privacy@middlebury.edu.

Sincerely,

Chris Norris

Interim Assistant Vice President for Information Technology Services