- The compromised guest information includes names, date of birth, e-mail addresses, phone numbers, addresses, previous purchases, as well as credit card details.
- Upon discovery, Tivoli’s IT department took the necessary immediate steps and secured the website.
Tivoli Gardens, an amusement park in Copenhagen, Denmark, had its ‘My Tivoli’ website compromised allowing hackers to gain access to Tivoli products and guest information.
What was compromised?
My Tivoli site enables guests to log in and access Tivoli products, annual cards, and their past purchases. This site was hacked resulting in the compromise of personal information of guests’ including their names, date of birth, e-mail addresses, phone numbers, addresses, previous purchases, as well as credit card details.
The big picture
The amusement park’s website administrators became aware of the hack after they noticed an unusual spike in customer logins. Guests who tried to log in to their account, received a notification from Tivoli informing them that their My Tivoli account had been logged onto from a different device.
Jonas Buhl Gregersen, Tivoli’s director of IT and Business Development, noted that during this attack on My Tivoli there was a maximum of three logins with the same email address and a maximum of two with the wrong password.
What was the response?
- Upon discovery, the amusement park reported the incident to the police and the Danish Data Inspectorate.
- Tivoli’s IT department took the necessary immediate steps and secured the website.
- All the impacted guests were notified about the hack attack.