Ticketmaster confirms data breach three months after warning from banks

Ticketmaster has gone public on a data breach affecting the personal and payment card details of 40,000 customers, despite being warned about suspicious activity on customer cards back in April.

Ticketmaster formally informed customers who bought concert, theatre and sporting event tickets between February and 23 June of the breach yesterday.

In a letter to customers, the company states: "On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by chatbot vendor Inbenta Technologies, an external third-party supplier to Ticketmaster.

"As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.

"As a result of Inbenta’s product running on the Ticketmaster UK website, some of our customers’ personal or payment information may have been accessed by an unknown third-party."

However, the company was first warned by digital bank Monzo of a spike in fraud on Ticketmaster customer accounts back in April. In a blog post, Monzo says that despite the obvious patterns of fraud emerging, Ticketmaster failed to act: "On Thursday 19th April, they told us an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns."

In the meantime, Monzo contacted all customers who had ever dealt with Ticketmaster - about 5,000 - to replace their cards.

Inbenta, meanwhile, has laid the blame for the breach squarely at the door of Ticketmaster. In a statement on the company's website, Inbenta CEO Jordi Terras states: "It has been confirmed that the source of the data breach was a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster's particular requirements. This code is not part of any of Inbenta's products or present in any of our other implementations.

"Ticketmaster directly applied the script to its payments page, without notifying our team.

"Had we known that the customised script was being used this way, we would have advised against it, as it incurs greater risk... The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018."

In its letter to affected customers, Ticketmaster says: "We are offering impacted customers a free 12 month identity monitoring service with a leading provider. We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies."