Cinema and media powerhouse National Amusements has confirmed suffering a breach in which hackers stole sensitive information from thousands of users, putting them at risk of identity theft.
The conglomerate has filed a report with the Office of the Maine Attorney General in which it reported suffering a data breach in December 2022. During the incident, the attackers stole sensitive personal information from 82,128 people.
National Amusements discovered the breach more than half a year later, in August 2023, and started notifying affected individuals last week.
While the filing doesn’t say exactly which types of data were stolen, it does say that the attackers took “name or other personal identifiers”, together with financial account numbers or credit/debit card numbers (in combination with security code, access code, password, or PIN for the accounts). That means that the hackers most likely had valid payment data for more than half a year, without anyone knowing.
Other details are scarce. We don’t know who the attackers are, and if they breached National Amusements using malware or social engineering. These types of data breaches often come with a ransomware infection, but we don’t know if that is the case here, or if the company paid the ransom.
We also don’t know if the affected people are customers, clients, or employees. In its writeup, TechCrunch suggests it might be the latter, as the breach notification letter was sent out via the Human Resources (HR) department, which usually handles matters related to employees.
The company declined the media’s request for further comment.
National Amusements is a cinema and media powerhouse, owning more than 1,500 cinemas across the United States. It is also the parent company of Paramount, one of the global leaders in premium entertainment content, as well as CBS, an American commercial broadcast television and radio network.