A second Melbourne arts institution is investigating a data breach, in which the personal information of almost 26,000 people has been exposed, days after the data of thousands of Melbourne International Film Festival customers was compromised.
The Australian Centre for the Moving Image (ACMI) discovered that data from one of its third-party systems was accessed without authorisation on Tuesday. An ACMI spokesperson said the data breach had only impacted customers who had hired a title from the centre’s online streaming service, Cinema 3.
The centre did not specify which third-party system it uses. ACMI says it does not use Ferve Tickets – the platform used by MIFF that was recently hacked – as part of its ticketing platform.
“As soon as the breach was identified, our technology team contained the incident and secured the platform,” an ACMI spokesperson said on Thursday. “ACMI conducted a full review of our systems, and no further breaches were identified.”
The spokesperson noted that ACMI’s ticketing system – used for tickets to in-person screenings and exhibitions – was separate from the system it used for Cinema 3, and had not been affected in the breach.
The personal information accessed in the leak may include full names, email addresses, IP addresses and order details, which include the titles customers rented, when they rented them and how they paid. The ACMI spokesperson stressed that customers’ financial details were not stored in the breached system, so had not been compromised. Passwords were also not exposed.
ACMI had emailed all affected customers directly, it said in a media release on Wednesday. If customers did not receive an email, their information was not affected.
The centre recommended customers change their online passwords, remain wary of scam
emails and monitor their accounts for any unusual activity.
When asked if there was any indication that the same person or group was responsible for the attacks on both organisations, ACMI said it was investigating who might have been behind the breach.
“ACMI is following our cyber intrusion procedure,” the spokesperson said. “We are working with the Victorian Government Cyber Incident Response Service and the third-party provider involved to investigate the cause of the incident and are continuing to monitor the situation.”
MIFF experienced a similar breach of its third-party ticketing platform, Ferve Tickets, which it first became aware of on Friday. While the festival’s spokesperson stressed that complete payment card details were not accessible on the Ferve platform, they said about 27,000 customers might have had their names, email addresses, phone numbers and residential addresses accessed in the hack.
Some MIFF customers also reported receiving unusual emails or prank text messages at the weekend, which raised suspicions that something was amiss.
MIFF notified the Australian Signals Directorate and the Australian Cyber Security Centre, and said it was continuing its investigations with Ferve Tickets.
This masthead has seen discussion online about a dark web account that was claiming at the weekend to have details of 340,000 MIFF customers for sale.
However, a MIFF spokesperson said on Monday that figure was incorrect.
“MIFF’s customer database does not contain 340,000 customer records, and therefore it is not possible for 340,000 MIFF customer records to have been compromised in this incident,” the spokesperson said.
ACMI said it would continue to investigate its own breach, and that it was sorry for any concern the breach might have raised.
“We’re truly sorry this has occurred and appreciate your patience as we continue our investigation,” the centre’s media release read. “ACMI takes the privacy and security of personal data seriously. Safeguarding our audiences’ data remains our priority. We will keep customers informed as any new information comes to hand.”
Further information about protecting your personal information following a data breach is available from the Office of the Victorian Information Commissioner.
Must-see movies, interviews and all the latest from the world of film delivered to your inbox. Sign up for our Screening Room newsletter.
Nell Geraets is a Culture reporter at The Age and The Sydney Morning Herald.Connect via X or email.From our partners
Disclaimer : This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: www.smh.com.au
