Melbourne International Film Festival investigates unauthorised access to customer personal information
Melbourne International Film Festival organizers are investigating how the personal information of more than 26,000 customers was compromised by a ticket seller.
Festival organizers on Monday warned past attendees to avoid clicking on suspicious emails or text messages claiming to be from the festival after Ferve Tickets, the third-party ticketing platform used by MIFF to manage ticketing and customer information, was hacked.
While MIFF emphasized that not all payment card information could be accessed on the Ferve platform, it said that the names, e-mail addresses, phone numbers and residence addresses of approximately 26,782 customers may have been accessed during the hack.
Some MIFF customers received strange emails or prank messages over the weekend, raising suspicions that something was amiss. One message reportedly read: “Sometimes I feel like Miley Cyrus.” Others simply contained a frowning expression.
Ferve Tickets confirmed on Monday that the imprint had been hacked and said immediate steps were taken to contain the incident as soon as unauthorized activity was detected.
“Our investigation is ongoing and we are working closely with affected customers, cybersecurity experts and relevant authorities to determine the full scope of the incident,” a spokesperson for Ferve said.
“We continue to work closely with MIFF and the relevant authorities as we consider any additional measures that may be required to further strengthen our systems and processes.”
MIFF said it became aware of the hack last Friday. Another attack on Saturday meant “some customers received emails or SMS messages sent directly through the system,” it said.
This imprint saw online discussion over the weekend about a dark web account claiming to have details of 340,000 MIFF customers for sale. However, festival organizers said they were currently only aware of 26,782 exposed accounts, although investigations were ongoing.
MIFF said this number is approximately 10 percent of its total customer database.
“MIFF has contacted affected customers directly to provide information regarding the incident and
Steps are being taken in response,” a festival spokesperson said.
“Our current understanding is that 26,782 customer records held on the Ferve ticketing platform may have been affected by this incident. We understand that customers may be concerned by this incident and sincerely regret the uncertainty this may cause. The protection of personal information entrusted to MIFF and its technology partners is of the utmost importance.”
Affected customers are advised to be wary of any unexpected emails or text messages that appear to be from MIFF. A festival spokesperson said customers should avoid clicking links or providing personal information unless they are sure of the source.
MIFF notified the Australian Signals Directorate and the Australian Cyber Security Center and were investigating the hack with Ferve Tickets. Festival officials are also working on relevant regulatory and reporting obligations.
A festival spokesperson said there was no evidence that MIFF account passwords had been compromised and that the festival took action as soon as it became aware of the problem on Friday.
“MIFF took immediate action to contain the incident and implemented measures to secure access to the ticketing system,” the spokesman said.
If further findings emerge from the investigation, MIFF said it would contact affected customers directly.
“While these measures are being taken, our investigation is ongoing and we continue to evaluate the incident and monitor the environment. Until this work is completed, we are not in a position to definitively state that all aspects of the incident have been fully resolved,” the spokesman said.
MIFF also advised affected customers to avoid sharing their passwords, verification codes or banking information with unknown or unidentified sources. Customers are also advised to change their passwords as a precaution, especially if the same password is used in more than one service.
The film festival, which will take place between 6-23 August, will announce its full program on 9 July. Tickets are not on sale yet.
There was speculation online over the weekend that the Melbourne Writers Festival had also been hacked, but organizers said on Sunday there was no evidence of any data breach.
“Melbourne Writers Festival is aware of recent speculation regarding a potential data breach,” a spokesperson said. “We want to reassure our customers and stakeholders that we have investigated and found no evidence of unauthorized access to or compromise of MWF customer or company data.
“We take the security of our systems and the privacy of our customers seriously and continue to monitor our systems rigorously as part of our standard security practices.”
If you are concerned about the risk of identity fraud, contact IDCARE, Australia’s national identity and cyber support service: idcare.org
Must-watch movies, interviews and the latest developments from the film world are delivered to your inbox. Sign up for our Scanning Room newsletter.
