Ticketmaster are warning that customers personal data and payment information may have been accessed by an unknown third-party.
The breach was identified by Ticketmaster on the 23rd June 2018 and customers who may have been affected by the security breach have been contacted. This includes customers who may have bought tickets, or attempted to buy tickets, between February 2018 and 23 June 2018.
How did the breach happen?
Ticketmaster report that an external third-party supplier to Ticketmaster, Inbenta Technologies, whose customer support product was running on Ticketmaster International websites, contained malicious software.
“…some of our customers’ personal or payment information may have been accessed by an unknown third-party”
The websites affected include Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb.
Personal Information compromised.
The personal identifiable information which may have been compromised, according to Ticketmaster, include name, address, email address, telephone number, payment details, and Ticketmaster login details.
Advice from Ticketmaster
Ticketmaster have advised that customers monitor their account statements for evidence of fraud or suspicious activity and contact their bank or credit card companies if they are concerned.
They have advised the customers that they have notified to reset their passwords.
Breach has occurred less than one month after GDPR live date
This comes less than a month after GDPR came into affect and the investigation by the ICO will be likely to look at the due diligence carried out by Ticketmaster on the third party supplier, what technical and organisational controls were in place, whether any pentesting had been carried out and what monitoring was in place to detect the breach.