Ticketmaster has admitted that the company suffered a security breach this past weekend from a third-party supplier. The Ticketmaster data breach reportedly included personal and payment information for 40,000 users in the United Kingdom.
The company confirmed on Twitter that malicious software caused the hack on the third-party support product Inbenta Technologies. All affected customers have been contacted via email, stating that the breach likely affected customers who purchased or attempted to purchase tickets between February and June 23, 2018. It also informed international customers who had or tried to purchase tickets between last September 2017 and this June as a precaution.
North American customers have not been affected, it noted.
The information that could have been compromised includes names, addresses, and email addresses, as well as telephone numbers, payment details, and log-in details for Ticketmaster.com. It is suggested that customers affected should contact their banks and credit card companies.
Ticketmaster stated in the email that a website has been set up to answer any questions and advise users on how to reset their passwords. Additionally, it is offering users a 12-month identity monitoring service free of charge. In order to figure out how the data was obtained, Ticketmaster claims that “forensic teams and security experts are working around the clock” and are “working with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities.”
“Ticketmaster understands the importance of your personal information,” the statement said. “We take the protection of that information very seriously and we are sorry to have to write to you in these circumstances.”
According to BBC, the UK’s National Cyber Security Centre – which is a division of the General Data Protection Regulation (GCHQ) – said it was monitoring the situation. A spokesman added that the NCSC is working with its partners to understand the incident.
Although Ticketmaster’s parent Live Nation declared it has 86 million customers in its recent annual report, a spokeswoman was unable to obtain a figure for Ticketmaster’s total number of clients in the UK.
“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” Brooks Wallace from the cyber-security specialist Trusted Knight told BBC.
“If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way.”
This data breach follows Ticketfly’s cyber attack late last month. Out of caution, all Ticketfly systems went offline as the company looked into the issues. Ticketfly, which is owned by Eventbrite, slowly began to come back online, after impacting up to 26 million user accounts. The company confirmed that client and customer information had been compromised, however, credit and debit card information was not accessed. Earlier this month, Ticketfly was officially back online.