Johnson County Park and Recreation District (JCPRD) has recently disclosed a potential data breach that may have exposed sensitive information related to credit card transactions on their Theatre in the Park online box office system. If you used your credit card to make a purchase through this platform, you may be entitled to compensation. Here’s everything you need to know about this breach and your legal options.
Johnson County Park and Recreation District’s Data Breach Investigation
On September 30, 2025, JCPRD was alerted to unusual activity on the online sales checkout page for their Theatre in the Park website. The system, which handles public ticket sales, is administered and hosted by third-party provider Skyway Networks. After receiving the alert, JCPRD launched an immediate investigation with Skyway’s assistance to understand the extent of the breach.
The investigation revealed that unauthorized code had been present on the checkout page from March 13, 2025, through September 30, 2025. This malicious code was potentially capable of capturing sensitive transaction data, including credit card information, from individuals who made purchases during this time. However, JCPRD has stated that there is no confirmed evidence that the unauthorized party accessed or acquired the data.
Despite this, the District is notifying affected individuals as a precaution and offering complimentary credit monitoring and identity protection services to those whose information may have been impacted. JCPRD also reset all passwords associated with the Theatre in the Park online sales platform and implemented additional security measures to prevent future incidents.
When Did This Breach Occur?
The data breach involving Johnson County Park and Recreation District’s Theatre in the Park website began on March 13, 2025, when unauthorized code was first detected on the online sales checkout page. The issue was reported to JCPRD on September 30, 2025, and the breach was subsequently confirmed. The affected period for transactions was between March 13, 2025, and September 30, 2025.
What Information Was Breached?
The following transaction information may have been exposed in the breach:
- Name
- Credit card number
- Credit card expiration date
- Credit card CVV code
If you made a purchase through the JCPRD Theatre in the Park website between March 13, 2025, and September 30, 2025, your personal credit card details may have been captured by the unauthorized code.
What You Can Do
If you were impacted by the Johnson County Park and Recreation District data breach, it is important to take action to protect yourself:
- Monitor Your Credit Card Statements: Carefully review your credit card and bank statements for any unauthorized charges. Report any suspicious activity immediately to your bank or credit card provider.
- Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert or credit freeze on your credit file with the major credit bureaus. This will make it more difficult for anyone to open new accounts in your name.
- Sign Up for Identity Protection Services: JCPRD is offering complimentary credit monitoring and identity protection services to those affected by the breach. Be sure to take advantage of this service to help safeguard your identity.
- Check Your Credit Report: Regularly monitor your credit report for any unusual activity that could suggest identity theft or fraud.
- Consult an Attorney: If you believe your personal information has been compromised, you may want to consult with an attorney to understand your legal options. You could be entitled to compensation for any damages caused by this breach, including emotional distress, time spent dealing with the incident, and out-of-pocket expenses.
File a Data Breach Lawsuit Against Johnson County Park and Recreation District
