source : the age

Melbourne International Film Festival organisers are investigating how the personal information of more than 26,000 customers was exposed by a hack of a ticket seller.

Festival organisers on Monday warned past attendees to avoid clicking on any suspicious emails or text messages claiming to be from the festival after a third-party ticketing platform, Ferve Tickets – which MIFF uses to manage ticketing and customer information – was hacked.

MIFF’s third-party ticketing platform Ferve Tickets was hacked, exposing the personal information of thousands of MIFF customers.Compiled by Aresna Villanueva

While MIFF stressed that complete payment card details were not accessible on the Ferve platform, it said about 26,782 customers might have had their names, email addresses, phone numbers and residential addresses accessed in the hack.

Some MIFF customers received strange emails or prank text messages over the weekend, which raised suspicions that something was amiss. One message reportedly read: “I feel like Miley Cyrus sometimes”. Others simply contained a frowning emoticon.

Ferve Tickets on Monday confirmed the hack to this masthead, and said it took immediate steps to contain the incident as soon as the unauthorised activity was identified.

“Our investigation remains ongoing, and we are working closely with affected clients, cybersecurity specialists and relevant authorities to determine the full scope of the incident,” a Ferve spokesperson said.

A screenshot of an email sent to an MIFF customer as a result of the hack.

“We are continuing to work closely with MIFF and relevant authorities while assessing any additional measures that may be required to further strengthen our systems and processes.”

MIFF said it became aware of the hack last Friday. It said another hack on Saturday meant “some customers received emails or SMS messages sent directly through the system”.

This masthead has seen discussion online about a dark web account that was claiming over the weekend to have details of 340,000 MIFF customers for sale.

However, a festival spokesperson said that figure was incorrect.

“MIFF’s customer database does not contain 340,000 customer records and therefore it is not possible for 340,000 MIFF customer records to have been compromised in this incident,” the spokesperson said.

The festival was currently only aware of 26,782 exposed accounts – about 10 per cent of its total customer database – and was continuing to investigate.

A screenshot of another SMS message sent to an MIFF customer.

“MIFF has contacted affected customers directly with information about the incident and the
steps being taken in response,” the spokesperson said.

“Based on our current understanding, 26,782 customer records held within the Ferve ticketing platform may have been affected by this incident. We understand customers may be concerned by this incident and sincerely regret the uncertainty it may cause. Protecting the personal information entrusted to MIFF and its technology partners is extremely important.”

Affected customers have been advised to remain cautious of unexpected emails or text messages that appear to come from MIFF. The festival spokesperson said customers should avoid clicking on links or providing personal information unless they were confident about the source.

MIFF had notified the Australian Signals Directorate and the Australian Cyber Security Centre, and was investigating the hack with Ferve Tickets. Festival officials are also working through relevant regulatory and reporting obligations.

The festival spokesperson said there was no evidence that MIFF account passwords were compromised, and that the festival acted as soon as it became aware of the issue on Friday.

“MIFF acted immediately to contain the incident and has implemented measures to secure access to the ticketing system,” the spokesperson said.

If further findings emerge from the investigation, MIFF said it would communicate directly with the affected customers.

“While those measures are in place, our investigation remains ongoing, and we continue to assess the incident and monitor the environment. Until that work is complete, we are not in a position to definitively state that all aspects of the incident have been fully resolved,” the spokesperson said.

MIFF also advised affected customers to avoid sharing passwords, verification codes or banking information with unknown or unidentified sources. It also suggested customers change their password out of precaution, particularly if the same password is used across multiple services.

The film festival, which will run from August 6-23, will announce its full program on July 9. Tickets are not yet on sale.

There was speculation online at the weekend that the Melbourne Writers Festival was also hacked, but organisers said on Sunday they had no evidence of any data breach.

“Melbourne Writers Festival is aware of recent speculation about a potential data breach,” a spokesperson said. “We want to reassure our customers and stakeholders that we have investigated and have found no evidence of unauthorised access to, or compromise of, MWF customer or company data.

“We take the security of our systems and the privacy of our customers seriously and are continuing to diligently monitor our systems as part of our standard security practices.”

If you are concerned about the risk of identity fraud, contact IDCARE, Australia’s national identity and cyber support service: idcare.org

Must-see movies, interviews and all the latest from the world of film delivered to your inbox. Sign up for our Screening Room newsletter.

Roy WardRoy Ward is a sports writer, live blogger and breaking news journalist. He’s been writing for The Age since 2010.Connect via X or email.
Nell GeraetsNell Geraets is a Culture reporter at The Age and The Sydney Morning Herald.Connect via X or email.

RELATED ARTICLESMORE FROM AUTHOR