Ticketmaster customer info compromised after data breach
Ticketmaster customers have been warned that they could be at risk of identity theft after the company yesterday confirmed that data had been compromised after an extensive data breach. The breach involved a malicious software on a customer support product hosted by an external third party supplier, Inbenta Technologies.
The product ran on Ticketmaster International, Ticketmaster UK, Get Me In and TicketWeb websites. Those potentially affected are UK customers who bought or attempted to buy tickets between February and 23 June 2018 and international customers who used the service between September 2017 and 23 June. Those thought to be affected have been notified.
Ticketmaster is advising those affected to change their passwords on their next sign in and monitor their account statements for evidence of fraudulent activity. Impacted customers are also being offered a free 12 month identity monitoring service with a leading provider. On a dedicated website set up to addressing the questions of those affected, Ticketmaster says it is working with relevant authorities, credit card companies and banks, as well as forensic teams and security experts.
Ticketmaster serves over 230 million customers worldwide each year, though it believes less than 5% have been affected by the breach.
The Guardian is reporting that a number of Ticketmaster customers have already experienced fraudulent activity on their accounts. According to the newspaper, people have identified unauthorised transfers using the service Xendpay and unauthorised purchasing of Uber gift cards and payments to Netflix.
The news of this data breach is the second event of its kind involving a ticketing company in recent weeks. Earlier this month, leading US ticketing platform Ticketfly was involved in a cyber attack which led to the data from 27 million accounts being compromised. Ticketmaster serves over 230 million customers worldwide each year, though it believes less than 5% have been affected by the breach.
Both events are particularly timely, coming just a month after the adoption of the new European General Data Protection Regulation (GDPR) on 25 May. GDPR requires all companies, even outside of the EU to ensure that data belonging to European citizens be treated with “an appropriate level of security”.
Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.