Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Metropolitan Opera Breach. Show all posts

NYC’s Metropolitan Opera Faces Lawsuit for 2022 Data Breach


World’s largest opera house, the New York City’s Metropolitan Opera has recently been charged with a class action lawsuit following a data breach that took place in year 2022 and apparently compromised private information of around 45,000 employees and patrons. The lawsuit has been filed in the Manhattan Supreme Court.

According to Anthony Viti, former Met employee – the largest performing arts organization in the country – and the lead plaintiff in the lawsuit, the private information that is compromised in the breach includes victim’s Social Security number, driver’s license number, date of birth and financial account information.

When the breach was first reported by The New York Times in December, the company's website and box office had been down for more than 30 hours.

The lawsuit reads, “For approximately two months, The Met failed to detect an intruder with access to and possession of The Met’s current/former employees and consumers’ data[…]It took a complete shutdown of The Met’s website and box office for The Met to finally detect the presence of the intruder.”

Following the incident, The Met requested a third-party forensic investigation, which revealed that cybercriminals had stolen personally identifiable information over a two-month period between September and December.

“Through an investigation conducted by third-party specialists, the Met learned that an unknown actor gained access to certain of their systems between September 30, 2022 and December 6, 2022 and accessed or took certain information from those systems,” Stephanie Basta, the opera’s lawyer, wrote in a letter submitted to the Maine Attorney General on May 3.

Following the lawsuit, The Met responded by offering victims with a year of credit monitoring services.


The lawsuit condemned The Met, stating "The Met failed to detect an intruder with access to and possession of The Met's current/former employees' and consumers' data[…]It took a complete shutdown of The Met's website and box office for The Met to finally detect the presence of the intruder."

Viti said The Met's response to the data breach has been "woefully insufficient" and alleged that the organization did not disclose to affected parties that their data had been compromised until May 3, nearly five months after the incident.

However, The Met dejects the claims, saying “We strongly believe this case has no merit.”