Ticketmaster is a well-known global ticket selling business and they suffered a data breach starting in February 2018 and continuing through to late June.
A piece of malware on a customer service system operated by a third party had been exporting customer data to a scammer and Ticketmaster claim to have known nothing about this until June 23rd.
However, Digital bank Monzo did spot in April that customers’ cards were being compromised and warned Ticketmaster but “couldn’t get any traction” out of the company.
Monzo contacted all of its customers who had ever dealt with Ticketmaster – about 5,000 – and replaced their cards.
It also told banks that are part of the UK Finance group in April that it was aware of what appeared to be a significant data breach at Ticketmaster.
Ticketmaster say they investigated at the time but found no problem. The fault was in third party software not Ticketmaster’s own software, but that doesn’t excuse their apparent lack of responsibility for their customers who were being compromised.
Ticketmaster eventually realised there was a serious problem and said customers who bought concert, theatre and sporting event tickets between February and 23 June 2018 may have been affected by the incident, which involved malicious software being used to steal people’s names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.
The breach also affects customers of two other UK websites owned by Ticketmaster: TicketWeb and the resale website Get Me In!
Ticketmaster claims that the data for less than 40,000 people was affected.
Ticketmaster could face questions over whether there was a delay in disclosing the breach after it emerged that some UK banks had known about the incident since early April.
Ticketmaster has subsequently warned customers: “We recommend that you monitor your account statements for evidence of fraud or identity theft.
Ticketmaster said it was offering affected customers a free 12-month identity monitoring service. There is a dedicated website at security.ticketmaster.co.uk, and customers can also email firstname.lastname@example.org for further information or to register their concern.
Companies need to protect their customer’s data, but also how they deal with such problems when they occur, can affect the outcome as much as the details of the actual problem. Ticketmaster have not come out of this very well.
Do leave a comment on this post – click on the post title then scroll down to leave your comment.