Ticketmaster UK customers’ personal and payment information may have been accessed in an online ‘security incident’ earlier this year, the ticket sales company has warned.
Ticketmaster says UK customers who purchased, or attempted to purchase, tickets between February and 23 June 2018 may have been affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and 23 June 2018.
Information which may have been compromised includes customers’ name, address, email address, telephone number, payment details and Ticketmaster login details.
In the email to those customers, Ticketmaster said it had set up a website to answer any questions and advised them to reset their passwords. It also offered them a free 12-month identity monitoring service.
What happened?
Ticketmaster UK says that last Saturday (23 June), it spotted that malicious software on a customer support product hosted by an external third-party supplier was exporting Ticketmaster UK customers’ data to an unknown third-party.
It says that as soon as it discovered the malicious software, it disabled the product across all Ticketmaster websites.
As a result of the product running on Ticketmaster International websites, some international customers’ personal or payment information may also have been accessed by an unknown third-party.
Security experts are working to understand how the data was compromised.
I’m affected – what should I do?
If you receive an email telling you that you’re affected, the first step is to change your Ticketmaster password. If you use the same password on other sites, make sure you change it there as well.
Ticketmaster UK is also recommending that you monitor your account statements for evidence of fraud or identity theft.
Ticketmaster is confident it has complied with General Data Protection Regulation (GDPR) rules – acting very quickly and informing all relevant authorities, including the Information Commissioner’s office.
The UK’s National Cyber Security Centre – a division of GCHQ – said it was monitoring the situation.
“The NCSC is working with our partners to better understand the incident,” added a spokesman.
Ticketmaster’s parent, Live Nation, declared it had 86 million customers in its most recent annual report.
However, a spokeswoman was unable to break out a figure for Ticketmaster’s total number of UK clients.
One expert said members of the public should now be on the lookout for follow-up phishing scams.
“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” said Brooks Wallace from the cyber-security specialist Trusted Knight.
“If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way.”
If you are worried that you might be affected but haven’t received an email, you can contact Ticketmaster UK on its online form.
