Businesses are being warned to brace themselves for a sustained barrage of hack attacks following claims that a ransomware collective has grabbed the personal details of more than 560 million Ticketmaster customers, in what would be one of the largest security breaches ever.
The collective, known as Shiny Hunters, has claimed on the dark web it has the personal details of hundreds of millions of Ticketmaster customers available for a one-time sale of $500,000 (£393,000), including names, addresses, emails, phone numbers and the last four digits and expiration date of credit cards.
It has also demanded a ransom for the data not to be released and it has also been behind other high-profile data breaches, resulting in the loss of millions of dollars to the companies involved.
In 2021, the group sold a database of stolen information from 70 million customers of US telecoms firm AT&T, while in September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.
Even so, this is not the first time Ticketmaster has been hit. Back in 2018, the live entertainment giant suffered a mass breach in Europe, which saw customers’ names, payment card numbers, expiry dates and CVV numbers compromised. At the time, it was reported that 9.4 million Ticketmaster customers had been affected across Europe, including 1.5 million in the UK.
The breach began in February 2018 when Monzo Bank customers reported fraudulent transactions. The Commonwealth Bank of Australia, Barclaycard, Mastercard and American Express all reported suggestions of fraud to Ticketmaster. But the company failed to identify the problem.
In total, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page. It was eventually fined £1.25m by the UK Information Commissioner’s Office, although this could have been much higher if the incident had started after May 2018, when GDPR had come into force.
In response to the latest attack, Xavier Sheikrojan, senior risk intelligence manager at fraud protection platform Signifyd, said: “The suspected Ticketmaster breach could have a more significant impact on businesses than initially anticipated, leading to a surge in phishing and account takeover attempts as fraudsters exploit stolen information.
“The repercussions could last for months or even years, especially with the rise of sleeper accounts – these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later.
“Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers.
“A force reset of passwords can be a great strategy to provide extra protection for your customers. If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach.”
Ticketmaster has yet to comment on the incident.
Related stories
Ticketmaster settles breach payout but denies liability
Ticketmaster rips up data breach compensation claims
Ticketmaster preps band of lawyers to fight GDPR fine
Ransomware victims who pay up are nearly all hit again
Gamers attacked as Fortnite firm suffers data breach
UK firms braced for fresh wave of ransomware attacks
UK firms still in dark over new cyber security measures
Major brands warned over extortion after global attack