Ticketmaster has confirmed that the company has suffered a security breach that could affect up to 40,000 UK customers.
The company claims that customers’ personal information along with credit and debit card details may have been stolen.
Ticketmaster Data Breach
Ticketmaster says malicious software was discovered on third-party customer support product, Inbenta Technologies, which allowed hackers to access sensitive information.
Information that may have been stolen includes names, addresses, email addresses, payment details, log-in credentials and payment details.
Ticketmaster released a statement confirming the breach on Wednesday 27th June, stating: “On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.”
The company confirmed that all affected customers have been contacted by email, which advised users of the website to reset their passwords. Additionally, it has offered any affected customer a free 12-month identity monitoring service.
Ticketmaster said the breach may have affected UK customers who purchased tickets from February 2018 to June 2018.
Although believed to be confined to UK customers, international users of the service have been informed and told to remain vigilant as anywhere up to 5% of the global customer base may also have been exposed.
Ticketmaster’s parent company, Live Nation, declared in its most recent annual report that it has around 86 million customers worldwide.
It said: “We recommend that you monitor your account statements for evidence of fraud or identity theft.
“If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.”
The company insisted that it has fully complied with General Data Protection Regulation (GDPR) rules – informing all relevant authorities and acting quickly. The Information Commissioners Office has been informed of the breach.
Companies who fail to act swiftly during a potential data breach risk heavy fines under the new data protection regulations.
The National Cyber Security Centre says it is monitoring the situation and working with the ticket sales service to find a solution.
A spokesperson said: “We are aware of a cyber incident affecting Ticketmaster. The NCSC is working with our partners to better understand the incident.”
Dr Jamie Graves, the CEO of cyber security and insider threat experts, Zonefox, told DIGIT:
“While details are still emerging around the Ticketmaster breach, reports are suggesting that the source was an external third-party supplier exporting customers’ data.
“What is clear here is that the issue of supply chain or partner security is very real and very serious, given these partners can have a great deal of access to Ticketmasters network. This effectively makes them an ‘insider’ or ‘trusted party’ within the walls of that company. As with any insider or trusted partner – if proper monitoring is not put in place, then security incidents like this can occur quickly and without warning.
“In order to identify and remedy the situation as fast as possible, businesses must ensure they have some form of behavioural monitoring solution in place at all times, to identify and combat any breaches and suspicious activity from staff and partners alike immediately.
“It also means that a clear set of policies, standards and best-practices need to be agreed upon and reinforced with third parties. Online booking sites often operate in a complex supply chain; a supply chain that can be climbed by an attacker, moving from the bottom of the food chain upwards throughout other connected businesses. Therefore, technology and education need to be in place with key suppliers, distributors and third parties just as stringently as within the owner’s own business. ”
Monzo Weighs In
After the announcement by Ticketmaster, Monzo weighed into the affair with potentially damaging claims.
According to Monzo there were warning signs dating as far back as April of 2018. The company claims that on Friday 6th of April, around 50 customers contacted customer support services to report fraudulent transactions taking place on their accounts.
Monzo says it immediately replaced the cards and did not believe the event to be particularly unusual. Upon further investigation, however, the company’s Financial Crime and Security team highlighted a pattern of fraudulent activity.
Nearly three-quarters of customers affected had used their cards with the same online merchant – Ticketmaster – between December 2017 and April 2018. Considering that only 0.8% of all Monzo customers used Ticketmaster throughout that period, the evidence pointed toward significant fraudulent activity.
Continued tracking of Ticketmaster activity revealed a string of compromised cards, and it was at this point that Monzo made the decision to contact Mastercard and replace every card that had been used at the ticketing service. In a statement, Monzo claims that Ticketmaster told the company it had carried out an investigation and found no evidence of fraudulent activity, despite repeated advice.
It said: “Throughout this period we were in direct contact with Ticketmaster. On Thursday 19th April, they told us an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”