Back in July, this site reported that a number of gift shops at zoos were impacted by a breach involving their point of sale systems. Service Systems Associates (SSA) issued a statement at the time. I’m not sure why more impacted entities are first disclosing now, but WBAP reports:
You’ll want to check your bank statements if you went to the Dallas Zoo this past Spring.
The Zoo says customer information might be at risk after a data breach that happened between March 24th and May 20th.
The breach would affect anyone who bought something from the Zoo’s gift shop between those dates.
In addition to Dallas, the Dallas Morning News reports, zoos in El Paso, Houston and Detroit all had similar breaches.
On October 13, SSA issued a new press release that now lists the following affected entities:
- Dallas Zoo
- Detroit Zoo
- El Paso Zoo
- Fresno Chaffee Zoo
- Herman Park Conservancy
- Honolulu Zoo
- Houston Zoo
- Zoo Miami
- Museum of Science and Industry (Tampa, Florida)
- Pittsburgh Zoo & PPG Aquarium
More details are available here . Previous coverage of this breach on this site can be found by searching for zoo or “Service Systems Associates.”
These are the very SAME zoos listed in the article posted by KrebsOnSecurity on July 15. So what gives? Is this a second breach or a failure to disclose in a timely manner?
I think it’s the latter. For some reason, they first notified the California AG’s office this week, and it sounds like some of what was reported was news to media outlets in Texas, who knew about the Houston zoo, but not the Dallas one.