Sign up for IQ Index
The latest industry news to your inbox.
A UK law firm is suing Ticketmaster for up to £5m following a security breach last year which led to “multiple fraudulent transactions”
By Anna Grace on 05 Apr 2019
A British law firm has launched a £5 million law suit against Ticketmaster following a security breach in June last year, which may have affected up to 40,000 users of the ticketing service in the UK.
Widnes law firm Hayes Connor issued its claim at the High Court in Liverpool on Wednesday (3 April) on behalf of over 650 claimants. The company is pursuing damages of up to $5m (US$6.5m), saying many claimants “suffered multiple fraudulent transactions” and a third endured “significant stress”.
Ticketmaster UK confirmed it had identified a major security breach on its systems on 23 June 2018. The breach was caused by malicious software on a third-party customer support product hosted by Inbenta Technologies. Ticketmaster immediately disabled the product across its platforms.
The following month, cyber-security firm RiskIQ warned the TM hack was the “tip of the iceberg”, noting that the Ibenta plug-in also ran on hundreds of other ecommerce sites.
Data, including personal information and payment and login details, is believed to have been stolen. Ticketmaster has not confirmed how many customers were affected.
“More than two thirds of our clients have suffered multiple fraudulent transactions since the serious data breach”
The breach was announced after the new General Data Protection Regulation (GDPR) came into effect.
Digital, mobile-only bank Monzo claims to have spotted the breach months earlier, notifying Ticketmaster to the security breach on 12 April.
“Ticketmaster failed to action the breach until two months after it was alerted to the fact by digital bank Monzo,” says Kingsley Hayes, managing director of Hayes Connor Solicitors.
“More than two thirds of our clients have suffered multiple fraudulent transactions since the serious data breach with the remainder still at risk of having their money stolen or their details used for fraudulent activity in the future,” adds Hayes.
Investigations into the security breach by the Information Commissioner’s Office (ICO) and National Crime Agency (NCA), along with officers from the National Cyber Crime Unit (NCCU), are ongoing.