ACMI hit with data breach days after MIFF’s ticketing platform hacked

A second Melbourne arts institution is investigating a data breach, in which the personal information of almost 26,000 people has been exposed, days after the data of thousands of Melbourne International Film Festival customers was compromised.

The Australian Centre for the Moving Image (ACMI) discovered that data from one of its third-party systems was accessed without authorisation on Tuesday. An ACMI spokesperson said the data breach had only impacted customers who had hired a title from the centre’s online streaming service, Cinema 3.

The centre did not specify which third-party system it uses. ACMI says it does not use Ferve Tickets – the platform used by MIFF that was recently hacked – as part of its ticketing platform.

“As soon as the breach was identified, our technology team contained the incident and secured the platform,” an ACMI spokesperson said on Thursday. “ACMI conducted a full review of our systems, and no further breaches were identified.”

The spokesperson noted that ACMI’s ticketing system – used for tickets to in-person screenings and exhibitions – was separate from the system it used for Cinema 3, and had not been affected in the breach.

The personal information accessed in the leak may include full names, email addresses, IP addresses and order details, which include the titles customers rented, when they rented them and how they paid. The ACMI spokesperson stressed that customers’ financial details were not stored in the breached system, so had not been compromised. Passwords were also not exposed.

ACMI had emailed all affected customers directly, it said in a media release on Wednesday. If customers did not receive an email, their information was not affected.

The centre recommended customers change their online passwords, remain wary of scamemails and monitor their accounts for any unusual activity.

When asked if there was any indication that the same person or group was responsible for the attacks on both organisations, ACMI said it was investigating who might have been behind the breach.

“ACMI is following our cyber intrusion procedure,” the spokesperson said. “We are working with the Victorian Government Cyber Incident Response Service and the third-party provider involved to investigate the cause of the incident and are continuing to monitor the situation.”

MIFF experienced a similar breach of its third-party ticketing platform, Ferve Tickets, which it first became aware of on Friday. While the festival’s spokesperson stressed that complete payment card details were not accessible on the Ferve platform, they said ab