By Isabella Darcy
Many students experienced fraudulent activity on their banking accounts in February and March after using credit or debit cards to make purchases on AudienceView, a third-party ticketing vendor used by the College’s Center for the Arts.
AudienceView experienced a payment card data security breach that affects colleges and universities across the nation. The ticketing software discovered that malware was installed on its systems, which allowed for disclosure of card number, expiration date and CVV for cards used to purchase tickets.
Chief Information Security Officer Matt Cesari explained in an email on Feb. 24 that for anyone who purchased tickets through AudienceView during this calendar year, “it is possible your credit card information was impacted in connection with this incident.”
Many students used AudienceView this year to purchase tickets for TCNJ Musical Theater’s production of “Legally Blonde.” These purchases were made online and required patrons to enter their payment card information into AudienceView’s system.
When the College became aware of the incident, the Center for the Arts stopped selling tickets for “Legally Blonde” on AudienceView and instead sold tickets cash-only at the door.
Freshman elementary education and English major Larissa Goldberg bought tickets for “Legally Blonde” in January. She and her parents monitored her bank account after they became aware that many student’s cards were being accessed and used to make fraudulent purchases.
“My mom sent me a text message saying that I had used like $100 worth of Uber, when I hadn’t taken an Uber anywhere,” Goldberg said.
“Legally Blonde” cast member and sophomore early childhood special education and English major Skylar Yannello explained that herself and most of her fellow cast members knew at least one person whose banking information was compromised.
“My dad just texted me two days ago and said that his Citibank card got breached,” Yannello said.
Those who notice fraudulent transactions on their account are advised to report such transactions to their financial institution and also report any suspicious activity to Campus Police or their local police department.
“AudienceView has advised [the College] that if your credit card information was accessed in this incident, AudienceView will be directly sending to you additional information concerning the nature of the incident, including steps to further protect your information,” Cesari stated in an email.
AudienceView will offer credit monitoring to the individuals the company determined were affected. Some students, however, don’t feel comfortable using the credit monitoring service.
“I decided not to enroll in the credit card watch service just because I don’t know if I should trust things that ask for my information after what already happened, but I told my mom to stay on the lookout for anything suspicious,” Goldberg said.
Parents and students noticed fraudulent activity on student banking accounts in February, and rumors stating that campus vending machines were at fault circulated on social media.
The College investigated campus vending machines after hearing rumors claiming that card readers on the machines were stealing user's banking information.
“The college has checked the vending machine and has not found any truth to these rumors,” said Luke Sacks, head media relations officer at the College.
The root of the fraudulent charges is AudienceView, not the vending machines, and persons who made purchases through AudienceView are encouraged to monitor their bank accounts while the incident is being resolved.
The College is following AudienceView’s active investigation of the incident, which is exploring what exactly happened and how to prevent it from happening again. The College will also determine whether or not AudienceView’s services will be used in the future.
“When we have a clear picture of what led to the security incident, we will be in position to determine with whom we should partner to provide the best service and ensure the security of our customer data,” Sacks said.
The College will provide more information once the matters of the incident are resolved.
Correction: The article previously stated that the College would be offering and recommending complimentary credit monitoring services to those who purchased tickets on AudienceView during this calendar year. This is incorrect; AudienceView, not the College, is the one offering credit monitoring to those who they determined were affected.