Shubert Organization Data Breach on Telecharge Platform

The Shubert Organization Inc., America's oldest professional theatre company and the largest theatre owner on Broadway, disclosed a data breach involving its Telecharge ticketing platform. The breach occurred on Jan. 19, 2026.

The breach was reported to the California Attorney General on March 20, 2026. The company began sending notification letters to affected consumers on the same date.

The total number of individuals affected by the breach was not publicly disclosed.

What happened in The Shubert Organization data breach

On Jan. 19, 2026, an unknown cyber actor carried out a brute force attack against certain accounts on Telecharge, The Shubert Organization's ticketing website, according to the company's notification to consumers. A brute force attack is a method in which an attacker systematically tries many passwords or login combinations in an effort to gain unauthorized access to user accounts.

Through this attack, the cyber actor was able to access certain Telecharge accounts without authorization.

After discovering the unauthorized access, the company took steps to confirm that the Telecharge website was secure. It then launched a review to determine which accounts had been accessed and to identify the individuals those accounts belonged to.

The specific types of personal information that may have been accessed were not disclosed in the publicly available version of the notice.

The Shubert Organization's response to the breach

As part of its response, the company deactivated the Telecharge accounts of affected individuals. This step was taken to prevent any further unauthorized access to those accounts.

The company also recommended that anyone who used the same password for accounts outside of Telecharge change those passwords right away.

Individuals who wish to continue using Telecharge will need to create a new account with a new password. The Shubert Organization noted that a Telecharge account is not required to use the Telecharge website, so affected consumers can still purchase tickets without setting up a new account.

The company stated that, as part of its ongoing commitment to the privacy of information in its care, it is reviewing its security measures to help reduce the chance of a similar event happening again. It also said it is providing affected individuals with additional resources they can use to help protect their personal information.

A dedicated toll-free helpline has been set up at 1-833-877-8625 for anyone who has questions about the incident or needs assistance. The helpline is available Monday through Friday from 8 a.m. to 8 p.m. Eastern time, excluding major U.S. holidays.

Steps to take if your information was exposed

• Change passwords on any accounts that used the same password as Telecharge. Reusing passwords across multiple websites increases the risk of unauthorized access when one account is compromised.
• Use a strong, unique password for any new Telecharge account. A password manager can help generate and securely store different passwords for each website.
• Request free credit reports at AnnualCreditReport.com and review them for any unfamiliar accounts or suspicious activity, as this is a good precautionary step regardless of the type of information involved.
• Consider placing a fraud alert or credit freeze with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) as an added layer of protection.
• Review the personalized notification letter carefully to understand exactly what information may have been accessed and take steps appropriate to those specific data types.
• Be cautious of phishing attempts that reference The Shubert Organization, Telecharge or this breach by name, as scammers sometimes use real breach events to trick people into sharing personal information.