Cyber Incident Victim: AudienceView
Date:
Feb 2023
Location:
United States of America
Summary
A cyberattack targeting the ticketing platform AudienceView compromised its Campus product, impacting universities and colleges across the U.S. and Canada. The breach exposed sensitive payment information, including credit card numbers, expiration dates, and CVV codes, leading to widespread fraudulent charges on affected students’ accounts. Some victims also experienced social engineering attempts where attackers posed as bank representatives to extract PINs and Social Security numbers. The company engaged third-party experts for investigation, removed identified malware, implemented enhanced security measures, and notified impacted individuals, offering complimentary credit monitoring services. Multiple academic institutions confirmed unauthorized transactions during the incident window, with over 13,000 individuals affected and reports of financial losses ranging from minor sums to over $1,000 per victim.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-February 2023, AudienceView, a provider of ticketing software for universities and colleges, experienced a cybersecurity incident affecting its Campus product, used for athletics, performing arts, and student life ticketing. The company detected malware on February 21, 2023, prompting immediate actions to remove the malicious code and implement additional security measures. Forensic analysis by third-party experts at Mandiant confirmed unauthorized access and data exfiltration, primarily involving consumers’ payment card information during transactions processed between February 17 and February 21. The breach impacted customers across the U.S. and Canada, including institutions such as Cornell University, the University of California Santa Cruz, Virginia Tech, MIT, and Johns Hopkins University, with AudienceView’s filing to the Maine Attorney General indicating 13,045 affected individuals. Exfiltrated data included credit card numbers, expiration dates, and CVV security codes, as confirmed by university notifications and Aurora Higher Education Center’s advisories. AudienceView engaged federal law enforcement and notified all potentially affected parties, offering 12 months of complimentary credit monitoring and identity protection services. No details were provided on the malware’s origin or the attackers’ identity.
The breach resulted in confirmed financial fraud, with students from institutions such as Ithaca College and Cornell University reporting unauthorized charges ranging from $60 to over $1,000 on cards used for ticket purchases during the exposure window. Some victims also received scam calls from individuals impersonating bank representatives, leading to further theft of PINs and Social Security numbers. Universities universally emphasized the February 17–21 risk period in their breach notifications, urging students to monitor accounts for fraudulent activity and initiate charge disputes. A law firm investigating the incident estimated at least 25 affected educational institutions, underscoring the attack’s scale. AudienceView maintained silence on the number of impacted schools and specific malware details, prompting public criticism over communication gaps. The company’s post-incident actions focused on enhancing security protocols and coordinating victim support, while multiple universities discontinued use of the Campus product pending ongoing investigations. Financial institutions faced reimbursement demands as fraudulent transactions proliferated, with no evidence suggesting resolution of all disputed charges by the time Maine’s Attorney General filing was submitted in March 2023.